From: Boris Ranto Date: Tue, 16 Jul 2019 17:10:48 +0000 (+0200) Subject: selinux: Allow ceph to read udev db X-Git-Tag: v15.1.0~2182^2 X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=refs%2Fpull%2F29071%2Fhead;p=ceph.git selinux: Allow ceph to read udev db We are using libudev and reading the udev db files because of that. We need to allow ceph to access these files in the SELinux policy. Signed-off-by: Boris Ranto --- diff --git a/selinux/ceph.te b/selinux/ceph.te index 90b4e1bee642..c3be384c56ba 100644 --- a/selinux/ceph.te +++ b/selinux/ceph.te @@ -105,6 +105,8 @@ logging_send_syslog_msg(ceph_t) sysnet_dns_name_resolve(ceph_t) +udev_read_db(ceph_t) + allow ceph_t nvme_device_t:blk_file { getattr ioctl open read write }; # basis for future security review
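Review bot: the added `udev_read_db(ceph_t)` line in the `@@ -105,6 +105,8 @@` hunk of selinux/ceph.te has no comment in the policy file explaining why ceph_t needs the udev database; the reason (libudev reads the udev db files) is recorded only in the commit message. Suggest a one-line comment directly above it, such as `# libudev reads the udev db files`, naming the Ceph component that makes the libudev calls, because the grant applies to every process running in ceph_t. The read-only interface matches the need stated in the commit message, so nothing broader than `udev_read_db` is needed here.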