From: Boris Ranto <branto@redhat.com>
Date: Thu, 29 Sep 2016 10:08:39 +0000 (+0200)
Subject: selinux: Allow ceph to manage tmp files
X-Git-Tag: v11.0.1~35^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=f8a0e201ee54759695ef44f7ed98b3b9705fafe3;p=ceph.git

selinux: Allow ceph to manage tmp files

Two new denials showed up in testing that relate to ceph trying to
manage (rename and unlink) tmp files. This commit allows ceph to manage
the files.

Fixes: http://tracker.ceph.com/issues/17436

Signed-off-by: Boris Ranto <branto@redhat.com>
---

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 179396aaef9a..4eab40d8fc56 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -93,6 +93,7 @@ allow ceph_t self:tcp_socket { accept listen };
 corenet_tcp_connect_cyphesis_port(ceph_t)
 corenet_tcp_connect_generic_port(ceph_t)
 files_list_tmp(ceph_t)
+files_manage_generic_tmp_files(ceph_t)
 fstools_exec(ceph_t)
 nis_use_ypbind_uncond(ceph_t)
 storage_raw_rw_fixed_disk(ceph_t)