From 394c26adb97cd150233fe8760355f486d03624a4 Mon Sep 17 00:00:00 2001
From: Boris Ranto <branto@redhat.com>
Date: Thu, 21 Sep 2017 17:24:07 +0200
Subject: [PATCH] selinux: Allow getattr on lnk sysfs files

This showed up during downstream testing for luminous. We are doing
getattr on the sysfs lnk files and the current policy does not allow
this.

Signed-off-by: Boris Ranto <branto@redhat.com>
---
 selinux/ceph.te | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 552f73601cd92..0a9349803b128 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -106,7 +106,7 @@ files_manage_generic_locks(ceph_t)
 
 allow ceph_t sysfs_t:dir read;
 allow ceph_t sysfs_t:file { read getattr open };
-allow ceph_t sysfs_t:lnk_file read;
+allow ceph_t sysfs_t:lnk_file { read getattr };
 
 allow ceph_t random_device_t:chr_file getattr;
 allow ceph_t urandom_device_t:chr_file getattr;
-- 
2.39.5