From: Zack Cerza <zack@redhat.com>
Date: Mon, 24 Jul 2017 23:09:02 +0000 (-0700)
Subject: Update SELinux policy
X-Git-Tag: v1.0~40^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=ff83d75138a04786eb763ccdb444102216bfa2aa;p=cephmetrics.git

Update SELinux policy

The collectors need to be able to determine whether an OSD uses
filestore or bluestore

Signed-off-by: Zack Cerza <zack@redhat.com>
---

diff --git a/selinux/cephmetrics.te b/selinux/cephmetrics.te
index f0e7add..9e95937 100644
--- a/selinux/cephmetrics.te
+++ b/selinux/cephmetrics.te
@@ -5,6 +5,7 @@ require {
 	type ceph_t;
 	type ceph_var_run_t;
 	type ceph_var_lib_t;
+	type fixed_disk_device_t;
 	class unix_stream_socket connectto;
 	class dir read;
 	class file getattr;
@@ -17,6 +18,9 @@ require {
 allow collectd_t ceph_t:unix_stream_socket connectto;
 allow collectd_t ceph_var_run_t:dir read;
 allow collectd_t ceph_var_lib_t:file getattr;
+allow collectd_t ceph_var_lib_t:lnk_file getattr;
+allow collectd_t ceph_var_lib_t:lnk_file read;
+allow collectd_t fixed_disk_device_t:blk_file getattr;
 allow collectd_t self:capability2 block_suspend;
 allow collectd_t var_log_t:dir { add_name write };
 allow collectd_t var_log_t:file create;