From b05b41e3ca5116ebeff102d1c6faacce463e2de6 Mon Sep 17 00:00:00 2001
From: Kefu Chai <kchai@redhat.com>
Date: Tue, 19 Jul 2016 11:34:49 +0800
Subject: [PATCH] selinux: allow read /proc/<pid>/cmdline

we read /proc/<pid>/cmdline to figure out who is terminating us.

Fixes: http://tracker.ceph.com/issues/16675
Signed-off-by: Kefu Chai <kchai@redhat.com>
---
 selinux/ceph.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/selinux/ceph.te b/selinux/ceph.te
index 0e85c84bfa678..179396aaef9ac 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -75,6 +75,8 @@ corecmd_exec_shell(ceph_t)
 
 dev_read_urand(ceph_t)
 
+domain_read_all_domains_state(ceph_t)
+
 fs_getattr_all_fs(ceph_t)
 
 auth_use_nsswitch(ceph_t)