RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2024-12-28 22:43:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #34694 from mikechristie/ceph-iscsi-selinux-fixes

Browse Source 
ceph-iscsi:  selinux fixes

Reviewed-by: Boris Ranto <branto@redhat.com>
This commit is contained in:
Boris Ranto 2020-04-23 13:52:36 +02:00 committed by GitHub
commit 05573aa57d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
selinux/ceph.te
View File

@ -13,11 +13,12 @@ require {
type urandom_device_t;
type setfiles_t;
type nvme_device_t;
type targetd_etc_rw_t;
class sock_file unlink;
class tcp_socket name_connect_t;
class lnk_file { create getattr read unlink };
class dir { add_name create getattr open read remove_name rmdir search write };
class file { create getattr open read rename unlink write };
class file { create getattr open read rename unlink write ioctl };
class blk_file { getattr ioctl open read write };
class capability2 block_suspend;
class process2 { nnp_transition nosuid_transition };
@ -137,7 +138,7 @@ allow ceph_t sysfs_t:file { read getattr open };
allow ceph_t sysfs_t:lnk_file { read getattr };
allow ceph_t configfs_t:dir { add_name create getattr open read remove_name rmdir search write };
allow ceph_t configfs_t:file { getattr open read write };
allow ceph_t configfs_t:file { getattr open read write ioctl };
allow ceph_t configfs_t:lnk_file { create getattr read unlink };
@ -150,6 +151,8 @@ allow ceph_t var_run_t:file { read write create open getattr };
allow ceph_t init_var_run_t:file getattr;
allow init_t ceph_t:process2 { nnp_transition nosuid_transition };
allow ceph_t targetd_etc_rw_t:dir { getattr search };
fsadm_manage_pid(ceph_t)
#============= setfiles_t ==============