update sources to v12.2.1

[ceph.git] / ceph / selinux / ceph.te

diff --git a/ceph/selinux/ceph.te b/ceph/selinux/ceph.te
index 272947d1e44d59538edde5a8cc26051a1c9ec561..552f73601cd9262e83c59bfc9c6876e6f5c8d085 100644 (file)
--- a/ceph/selinux/ceph.te
+++ b/ceph/selinux/ceph.te
@@ -5,11 +5,13 @@ require {
        type var_run_t;
        type random_device_t;
        type urandom_device_t;
-        type setfiles_t;
+       type setfiles_t;
+       type nvme_device_t;
        class sock_file unlink;
        class lnk_file read;
        class dir read;
        class file { getattr read open };
+       class blk_file { getattr ioctl open read write };
 }
 
 ########################################
@@ -86,6 +88,8 @@ logging_send_syslog_msg(ceph_t)
 
 sysnet_dns_name_resolve(ceph_t)
 
+allow ceph_t nvme_device_t:blk_file { getattr ioctl open read write };
+
 # basis for future security review
 allow ceph_t ceph_var_run_t:sock_file { create unlink write setattr };
 allow ceph_t self:capability { sys_rawio chown };