This adds selinux support for the ceph iscsi daemons under the ceph
github:
ceph-iscsi-config - rbd-target-gw
ceph-iscsi-cli - rbd-target-api
We use tcmu-runner, but that will go into the core policy to avoid
conflicts with gluster and distro bases.
This requires the patches:
https://github.com/ceph/ceph-iscsi-config/pull/90https://github.com/ceph/ceph-iscsi-cli/pull/134
Signed-off-by: Mike Christie <mchristi@redhat.com>
We do suggest users to put their logs in /var/log/radosgw in the
documentation at times. We should also label that directory with
ceph_var_log_t so that ceph daemons can also write there.
The commit also updates the man page for this policy. This man page is
automatically generated by
* sepolicy manpage -p . -d ceph_t
and have not been reloaded in a while. Hence, it contains few more
changes than the new radosgw directory.
Signed-off-by: Boris Ranto <branto@redhat.com>
The current SELinux policy does not cover radosgw daemon. This patch
introduces the SELinux support for radosgw daemon (civetweb only).
Signed-off-by: Boris Ranto <branto@redhat.com>
This patch modifies the build system and spec file to provide a support
for SELinux enforcing in an opt-in matter via ceph-selinux package.
Signed-off-by: Boris Ranto <branto@redhat.com>
