selinux: Allow ceph to execute ldconfig

The ceph-volume testing showed that the ceph daemons can run ldconfig in a corner case when they are forbidden access to some files. This patch allows ceph to execute ldconfig in Enforcing mode. Fixes: https://tracker.ceph.com/issues/22302 Signed-off-by: Boris Ranto <branto@redhat.com>
2025-02-16 23:37:46 +00:00 · 2018-01-25 16:31:30 +01:00 · 2018-01-25 16:31:30 +01:00 · fa5071b6d7
commit fa5071b6d7
parent d9aac6a55f
1 changed files with 1 additions and 0 deletions
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@ -103,6 +103,7 @@ fstools_exec(ceph_t)
 nis_use_ypbind_uncond(ceph_t)
 storage_raw_rw_fixed_disk(ceph_t)
 files_manage_generic_locks(ceph_t)
+libs_exec_ldconfig(ceph_t)

 allow ceph_t sysfs_t:dir read;
 allow ceph_t sysfs_t:file { read getattr open };