From 05c523185b2d5ddd9e10f425c7e1f1ee1e409ba2 Mon Sep 17 00:00:00 2001
From: kalebskeithley <kaleb@redhat.com>
Date: Wed, 8 Jul 2020 15:20:30 -0400
Subject: [PATCH] selinux: allow ceph_t amqp_port_t:tcp_socket

allow ceph_t amqp_port_t:tcp_socket name_connect;
allow ceph_t soundd_port_t:tcp_socket name_connect;

Required for running RabbitMQ

(soundd_port_t) for running RabbitMQ on port 8000

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1854083
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
---
 selinux/ceph.te | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/selinux/ceph.te b/selinux/ceph.te
index c706c0c2991..2e710e1b1d4 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -88,6 +88,8 @@ corenet_tcp_sendrecv_cyphesis_port(ceph_t)
 
 allow ceph_t commplex_main_port_t:tcp_socket name_connect;
 allow ceph_t http_cache_port_t:tcp_socket name_connect;
+allow ceph_t amqp_port_t:tcp_socket name_connect;
+allow ceph_t soundd_port_t:tcp_socket name_connect;
 
 corecmd_exec_bin(ceph_t)
 corecmd_exec_shell(ceph_t)