From 3a01b0e06db33217103ce0f643b3bf0d26fca96d Mon Sep 17 00:00:00 2001
From: Boris Ranto
Date: Tue, 22 May 2018 10:46:11 +0200
Subject: [PATCH] selinux: Allow collectd to access iscsi resources

Signed-off-by: Boris Ranto
---
 selinux/cephmetrics.te | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/selinux/cephmetrics.te b/selinux/cephmetrics.te
index 23ef409..7609635 100644
--- a/selinux/cephmetrics.te
+++ b/selinux/cephmetrics.te
@@ -9,6 +9,9 @@ require {
 type ceph_var_lib_t;
 type fixed_disk_device_t;
 type tmp_t;
+ type configfs_t;
+ type mount_exec_t;
+ type rpm_exec_t;
 class unix_stream_socket connectto;
 class dir read;
 class file getattr;
@@ -22,6 +25,9 @@ require {
 #============= collectd_t ==============
+allow collectd_t configfs_t:dir search;
+allow collectd_t mount_exec_t:file execute;
+allow collectd_t rpm_exec_t:file getattr;
 allow collectd_t bin_t:file { execute execute_no_trans };
 #!!!! This avc can be allowed using the boolean 'daemons_enable_cluster_mode'
 allow collectd_t ceph_t:unix_stream_socket connectto;
-- 
2.47.3
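Review bot: The require block gains the three new types, but the only `dir` permission visible in this hunk is `class dir read;`, while the rule added further down uses `configfs_t:dir search`. The rest of the require block lies outside the hunk, so `search` may already be declared there. If it is not, the module may fail to compile, and the line would need to become `class dir { read search };`. The same check applies to `execute` on `class file`, which the visible line lists only as `getattr`.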
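Review bot: The added `allow collectd_t mount_exec_t:file execute;` grants `execute` alone, with no `execute_no_trans` (which the existing `bin_t` rule has) and no domain transition visible in the hunk. That leaves it unclear whether collectd is meant to run mount or only to check that the binary is executable. If it is only an access check, the narrower choice may be to `dontaudit` it rather than widen what a metrics daemon can execute; confirm this against the AVC denials that motivated the rule. None of the three new rules says which collector or denial needs it. A comment above them such as `# iSCSI metrics: <plugin / AVC that requires configfs search, mount execute, rpm getattr>` would let a later reviewer judge whether each grant is still required.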