Permalink
Browse files

selinux: Allow ceph to manage tmp files

Two new denials showed up in testing that relate to ceph trying to
manage (rename and unlink) tmp files. This commit allows ceph to manage
the files.

Fixes: http://tracker.ceph.com/issues/17436

Signed-off-by: Boris Ranto <branto@redhat.com>
  • Loading branch information...
1 parent ba6785f commit f8a0e201ee54759695ef44f7ed98b3b9705fafe3 @b-ranto b-ranto committed Sep 29, 2016
Showing with 1 addition and 0 deletions.
  1. +1 −0 selinux/ceph.te
View
@@ -93,6 +93,7 @@ allow ceph_t self:tcp_socket { accept listen };
corenet_tcp_connect_cyphesis_port(ceph_t)
corenet_tcp_connect_generic_port(ceph_t)
files_list_tmp(ceph_t)
+files_manage_generic_tmp_files(ceph_t)
fstools_exec(ceph_t)
nis_use_ypbind_uncond(ceph_t)
storage_raw_rw_fixed_disk(ceph_t)

0 comments on commit f8a0e20

Please sign in to comment.