selinux: allow dac_override capability

Fixes: ceph#14870 Signed-off-by: Boris Ranto <[email protected]>
siplabs · Mar 8, 2016 · 519b03f · 519b03f
1 parent 2241792
commit 519b03f
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/selinux/ceph.te b/selinux/ceph.te
@@ -43,7 +43,7 @@ files_pid_file(ceph_var_run_t)
 allow ceph_t self:process { signal_perms };
 allow ceph_t self:fifo_file rw_fifo_file_perms;
 allow ceph_t self:unix_stream_socket create_stream_socket_perms;
-allow ceph_t self:capability { setuid setgid };
+allow ceph_t self:capability { setuid setgid dac_override };
 
 manage_dirs_pattern(ceph_t, ceph_log_t, ceph_log_t)
 manage_files_pattern(ceph_t, ceph_log_t, ceph_log_t)