RepoMirrors/ceph
1
0
Fork 0
mirror of https://github.com/ceph/ceph synced 2025-01-04 02:02:36 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9669 from ceph/wip-selinux

Browse Source 
selinux: allow chown for self and setattr for /var/run/ceph

Reviewed-by: John Spray <john.spray@redhat.com>
This commit is contained in:
John Spray 2016-06-14 13:34:56 +01:00 committed by GitHub
commit 6d6828fe52
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
selinux/ceph.te
View File

@ -84,8 +84,8 @@ logging_send_syslog_msg(ceph_t)
sysnet_dns_name_resolve(ceph_t)
# basis for future security review
allow ceph_t ceph_var_run_t:sock_file { create unlink write };
allow ceph_t self:capability sys_rawio;
allow ceph_t ceph_var_run_t:sock_file { create unlink write setattr };
allow ceph_t self:capability { sys_rawio chown };
allow ceph_t self:tcp_socket { accept listen };
corenet_tcp_connect_cyphesis_port(ceph_t)