selinux: Allow ceph to execute ldconfig

The ceph-volume testing showed that the ceph daemons can run ldconfig in a corner case when they are forbidden access to some files. This patch allows ceph to execute ldconfig in Enforcing mode. Fixes: https://tracker.ceph.com/issues/22302 Signed-off-by: Boris Ranto <[email protected]>
allenk · May 14, 2018 · fa5071b · fa5071b
1 parent d9aac6a
commit fa5071b
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/selinux/ceph.te b/selinux/ceph.te
@@ -103,6 +103,7 @@ fstools_exec(ceph_t)
 nis_use_ypbind_uncond(ceph_t)
 storage_raw_rw_fixed_disk(ceph_t)
 files_manage_generic_locks(ceph_t)
+libs_exec_ldconfig(ceph_t)
 
 allow ceph_t sysfs_t:dir read;
 allow ceph_t sysfs_t:file { read getattr open };