type urandom_device_t;
type setfiles_t;
type nvme_device_t;
+ type targetd_etc_rw_t;
+ type amqp_port_t;
+ type soundd_port_t;
class sock_file unlink;
class tcp_socket name_connect_t;
class lnk_file { create getattr read unlink };
class dir { add_name create getattr open read remove_name rmdir search write };
- class file { create getattr open read rename unlink write };
+ class file { create getattr open read rename unlink write ioctl };
class blk_file { getattr ioctl open read write };
class capability2 block_suspend;
class process2 { nnp_transition nosuid_transition };
allow ceph_t commplex_main_port_t:tcp_socket name_connect;
allow ceph_t http_cache_port_t:tcp_socket name_connect;
+allow ceph_t amqp_port_t:tcp_socket name_connect;
+allow ceph_t soundd_port_t:tcp_socket name_connect;
corecmd_exec_bin(ceph_t)
corecmd_exec_shell(ceph_t)
allow ceph_t sysfs_t:lnk_file { read getattr };
allow ceph_t configfs_t:dir { add_name create getattr open read remove_name rmdir search write };
-allow ceph_t configfs_t:file { getattr open read write };
+allow ceph_t configfs_t:file { getattr open read write ioctl };
allow ceph_t configfs_t:lnk_file { create getattr read unlink };
allow ceph_t init_var_run_t:file getattr;
allow init_t ceph_t:process2 { nnp_transition nosuid_transition };
+allow ceph_t targetd_etc_rw_t:dir { getattr search };
+
fsadm_manage_pid(ceph_t)
#============= setfiles_t ==============
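Review bot: The two added `name_connect` rules for `amqp_port_t` and `soundd_port_t` widen outbound connectivity for every process running as `ceph_t`, and nothing in the change records which component needs them. `soundd_port_t` is not a Ceph-related label, so it presumably just happens to cover a port that one component uses. I would put a comment above each new rule, e.g. `# <component>: connects to <service>, port labeled soundd_port_t`, and likewise for the `ioctl` added on `configfs_t:file` and the `targetd_etc_rw_t:dir { getattr search }` rule, so a later audit can tell an intended grant from one copied out of an AVC denial. Separately, the require block declares `class tcp_socket name_connect_t;` while the rules use `name_connect`; that looks like a typo and is worth confirming now that more rules depend on that permission. The hunk headers are not visible here, so the rest of the policy module (including any narrower domain these grants could go to) is outside this view.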