X-Git-Url: https://git.proxmox.com/?p=ceph.git;a=blobdiff_plain;f=ceph%2Fselinux%2Fceph.te;h=a56eb6a55abc9ace03e5ede6d97f3513a2e8f326;hp=0a9349803b12831eb72b266d4e74d5ac38c3e98a;hb=28e407b858acd3bddc89f68583571f771bb42e46;hpb=dfcb7b53b2e4fcd2a5af0240d4975adc711ab96e

diff --git a/ceph/selinux/ceph.te b/ceph/selinux/ceph.te
index 0a9349803..a56eb6a55 100644
--- a/ceph/selinux/ceph.te
+++ b/ceph/selinux/ceph.te
@@ -12,6 +12,7 @@ require {
 	class dir read;
 	class file { getattr read open };
 	class blk_file { getattr ioctl open read write };
+	class capability2 block_suspend;
 }
 
 ########################################
@@ -46,6 +47,7 @@ allow ceph_t self:process { signal_perms };
 allow ceph_t self:fifo_file rw_fifo_file_perms;
 allow ceph_t self:unix_stream_socket create_stream_socket_perms;
 allow ceph_t self:capability { setuid setgid dac_override };
+allow ceph_t self:capability2 block_suspend;
 
 manage_dirs_pattern(ceph_t, ceph_log_t, ceph_log_t)
 manage_files_pattern(ceph_t, ceph_log_t, ceph_log_t)
@@ -103,6 +105,7 @@ fstools_exec(ceph_t)
 nis_use_ypbind_uncond(ceph_t)
 storage_raw_rw_fixed_disk(ceph_t)
 files_manage_generic_locks(ceph_t)
+libs_exec_ldconfig(ceph_t)
 
 allow ceph_t sysfs_t:dir read;
 allow ceph_t sysfs_t:file { read getattr open };