The ceph-volume testing showed that the ceph daemons can run ldconfig in
a corner case when they are forbidden access to some files. This patch
allows ceph to execute ldconfig in Enforcing mode.
Fixes: https://tracker.ceph.com/issues/22302
Signed-off-by: Boris Ranto <branto@redhat.com>
(cherry picked from commit
fa5071b6d7182f54cd7b1ffe171a4b006f5255cb)
nis_use_ypbind_uncond(ceph_t)
storage_raw_rw_fixed_disk(ceph_t)
files_manage_generic_locks(ceph_t)
+libs_exec_ldconfig(ceph_t)
allow ceph_t sysfs_t:dir read;
allow ceph_t sysfs_t:file { read getattr open };