RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-03-25 11:48:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

selinux: Allow ceph to setsched

Browse Source 
In several places, such as common/numa.cc we call sched_setaffinity
which requires this permission.

Fixes: https://tracker.ceph.com/issues/44196

Signed-off-by: Brad Hubbard <bhubbard@redhat.com>
This commit is contained in:
Brad Hubbard 2020-02-19 13:36:24 +10:00
parent 138f40754a
commit 43103e0207
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
selinux/ceph.te
View File

@ -142,6 +142,7 @@ allow ceph_t configfs_t:lnk_file { create getattr read unlink };
allow ceph_t random_device_t:chr_file getattr;
allow ceph_t urandom_device_t:chr_file getattr;
allow ceph_t self:process setpgid;
allow ceph_t self:process setsched;
allow ceph_t var_run_t:dir { write create add_name };
allow ceph_t var_run_t:file { read write create open getattr };
allow ceph_t init_var_run_t:file getattr;