selinux: Allow ceph to manage tmp files

Two new denials showed up in testing that relate to ceph trying to manage (rename and unlink) tmp files. This commit allows ceph to manage the files. Fixes: http://tracker.ceph.com/issues/17436 Signed-off-by: Boris Ranto <[email protected]>
att · Sep 29, 2016 · f8a0e20 · f8a0e20
1 parent ba6785f
commit f8a0e20
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/selinux/ceph.te b/selinux/ceph.te
@@ -93,6 +93,7 @@ allow ceph_t self:tcp_socket { accept listen };
 corenet_tcp_connect_cyphesis_port(ceph_t)
 corenet_tcp_connect_generic_port(ceph_t)
 files_list_tmp(ceph_t)
+files_manage_generic_tmp_files(ceph_t)
 fstools_exec(ceph_t)
 nis_use_ypbind_uncond(ceph_t)
 storage_raw_rw_fixed_disk(ceph_t)