From: Zack Cerza <zack@redhat.com>
Date: Mon, 26 Jun 2017 21:26:35 +0000 (-0600)
Subject: selinux: Allow collectd to write in /var/log/
X-Git-Tag: v1.0~57^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f669c5257058e08097613122fbbab61a77e92af8;p=cephmetrics.git

selinux: Allow collectd to write in /var/log/

Signed-off-by: Zack Cerza <zack@redhat.com>
---

diff --git a/selinux/cephmetrics.te b/selinux/cephmetrics.te
index 75367b5..f7d39cb 100644
--- a/selinux/cephmetrics.te
+++ b/selinux/cephmetrics.te
@@ -17,6 +17,8 @@ require {
 allow collectd_t ceph_t:unix_stream_socket connectto;
 allow collectd_t ceph_var_run_t:dir read;
 allow collectd_t self:capability2 block_suspend;
+allow collectd_t var_log_t:dir { add_name write };
+allow collectd_t var_log_t:file create;
 corecmd_exec_shell(collectd_t)
 files_list_tmp(collectd_t)
 libs_exec_ldconfig(collectd_t)