From f669c5257058e08097613122fbbab61a77e92af8 Mon Sep 17 00:00:00 2001
From: Zack Cerza
Date: Mon, 26 Jun 2017 15:26:35 -0600
Subject: [PATCH] selinux: Allow collectd to write in /var/log/

Signed-off-by: Zack Cerza
---
 selinux/cephmetrics.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/selinux/cephmetrics.te b/selinux/cephmetrics.te
index 75367b5..f7d39cb 100644
--- a/selinux/cephmetrics.te
+++ b/selinux/cephmetrics.te
@@ -17,6 +17,8 @@ require {
 allow collectd_t ceph_t:unix_stream_socket connectto;
 allow collectd_t ceph_var_run_t:dir read;
 allow collectd_t self:capability2 block_suspend;
+allow collectd_t var_log_t:dir { add_name write };
+allow collectd_t var_log_t:file create;
 corecmd_exec_shell(collectd_t)
 files_list_tmp(collectd_t)
 libs_exec_ldconfig(collectd_t)
-- 
2.47.3
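Review bot: The two added rules grant collectd_t `add_name`/`write` on every directory and `create` on every file labelled with the generic `var_log_t` type, which is wider than the single log location the subject line describes. A narrower shape is a dedicated log type declared by this module with a type transition into it, e.g. `logging_log_filetrans(collectd_t, <module_log_t>, file)` plus `allow collectd_t <module_log_t>:file { create open append getattr };`, where `<module_log_t>` is a placeholder name. As written, `create` is the only file permission given on `var_log_t`, so unless `open` and `write`/`append` are granted outside this hunk the daemon may still be denied when it opens the new file. The `require` block sits above the hunk, so it is not visible here whether `var_log_t` is declared there. A short comment naming the log file that needs these rules would make them easier to audit later.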