From 43103e0207bfacf02f7f9533b36443d65f95d718 Mon Sep 17 00:00:00 2001
From: Brad Hubbard
Date: Wed, 19 Feb 2020 13:36:24 +1000
Subject: [PATCH] selinux: Allow ceph to setsched

In several places, such as common/numa.cc we call sched_setaffinity which requires this permission.

Fixes: https://tracker.ceph.com/issues/44196
Signed-off-by: Brad Hubbard
---
 selinux/ceph.te | 1 +
 1 file changed, 1 insertion(+)

diff --git a/selinux/ceph.te b/selinux/ceph.te
index c3be384c56bae..e2a848149ccbe 100644
--- a/selinux/ceph.te
+++ b/selinux/ceph.te
@@ -142,6 +142,7 @@ allow ceph_t configfs_t:lnk_file { create getattr read unlink };
 allow ceph_t random_device_t:chr_file getattr;
 allow ceph_t urandom_device_t:chr_file getattr;
 allow ceph_t self:process setpgid;
+allow ceph_t self:process setsched;
 allow ceph_t var_run_t:dir { write create add_name };
 allow ceph_t var_run_t:file { read write create open getattr };
 allow ceph_t init_var_run_t:file getattr;
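Review bot: The added `allow ceph_t self:process setsched;` rule has no comment in the policy file saying why it is needed, so someone auditing ceph.te later cannot tell that it exists for the sched_setaffinity calls named in the commit message. I would put `# sched_setaffinity() (e.g. common/numa.cc) requires setsched on our own processes` directly above it. The comment is worth having because setsched is also the permission checked for scheduler-policy, nice and I/O-priority changes, so the rule grants somewhat more than CPU pinning. Keeping the target as `self` is the right scope, and the comment should say that is intentional so the rule is not later widened to other domains.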