From 76e91890b858418492ecdf9ae11cf31682b8dd2d Mon Sep 17 00:00:00 2001
From: kalebskeithley <kaleb@redhat.com>
Date: Wed, 8 Jul 2020 15:20:30 -0400
Subject: [PATCH] selinux: allow ceph_t amqp_port_t:tcp_socket

allow ceph_t amqp_port_t:tcp_socket name_connect;
allow ceph_t soundd_port_t:tcp_socket name_connect;

Required for running RabbitMQ

(soundd_port_t) for running RabbitMQ on port 8000

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1854083
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
(cherry picked from commit 05c523185b2d5ddd9e10f425c7e1f1ee1e409ba2)
---
 selinux/ceph.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 12fbcc1f5d396..a79ee7edf6a0b 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -89,6 +89,8 @@ corenet_tcp_sendrecv_cyphesis_port(ceph_t)
 
 allow ceph_t commplex_main_port_t:tcp_socket name_connect;
 allow ceph_t http_cache_port_t:tcp_socket name_connect;
+allow ceph_t amqp_port_t:tcp_socket name_connect;
+allow ceph_t soundd_port_t:tcp_socket name_connect;
 
 corecmd_exec_bin(ceph_t)
 corecmd_exec_shell(ceph_t)
-- 
2.39.5