From ffcaac803597515679cc04d0b6823e60fbddec51 Mon Sep 17 00:00:00 2001 From: Boris Ranto Date: Tue, 16 Jul 2019 19:10:48 +0200 Subject: [PATCH] selinux: Allow ceph to read udev db We are using libudev and reading the udev db files because of that. We need to allow ceph to access these files in the SELinux policy. Signed-off-by: Boris Ranto (cherry picked from commit ef191068d6c8147f52ac264097a62698d1f67be8) --- selinux/ceph.te | 2 ++ 1 file changed, 2 insertions(+) diff --git a/selinux/ceph.te b/selinux/ceph.te index 90b4e1bee642d..c3be384c56bae 100644 --- a/selinux/ceph.te +++ b/selinux/ceph.te @@ -105,6 +105,8 @@ logging_send_syslog_msg(ceph_t) sysnet_dns_name_resolve(ceph_t) +udev_read_db(ceph_t) + allow ceph_t nvme_device_t:blk_file { getattr ioctl open read write }; # basis for future security review -- 2.47.3
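Review bot: the added `udev_read_db(ceph_t)` line in the hunk at `selinux/ceph.te` line 105 carries no comment, so the reason for the grant (libudev reading the udev db files) lives only in the commit message. The rule applies to the whole `ceph_t` domain, and a later policy review will not see which code path needs it. Suggest a one-line comment directly above the call, for example `# libudev reads the udev db files`, and placing the call next to the other interface calls (`logging_send_syslog_msg(ceph_t)`, `sysnet_dns_name_resolve(ceph_t)`) without the extra blank line between them. The grant is read-only, which matches the need described in the commit message. If anything beyond reading is ever required, it should come as a separate, justified change.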