From: Boris Ranto <branto@redhat.com>
Date: Mon, 13 Mar 2017 16:51:45 +0000 (+0100)
Subject: selinux: Allow ceph daemons to read net stats
X-Git-Tag: v12.0.1~80^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=dfd68800716bed644f9969a1194276dce936c09d;p=ceph.git

selinux: Allow ceph daemons to read net stats

Fixes: http://tracker.ceph.com/issues/19254

Signed-off-by: Boris Ranto <branto@redhat.com>
---

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 4eab40d8fc56..5c6bb8ea29ff 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -58,6 +58,7 @@ manage_files_pattern(ceph_t, ceph_var_run_t, ceph_var_run_t)
 manage_lnk_files_pattern(ceph_t, ceph_var_run_t, ceph_var_run_t)
 
 kernel_read_system_state(ceph_t)
+kernel_read_network_state(ceph_t)
 
 corenet_all_recvfrom_unlabeled(ceph_t)
 corenet_all_recvfrom_netlabel(ceph_t)