Ceph

We are hitting a couple of denials like these. This suggests that we are accessing files owned by a regular ceph user with root user.

type=AVC msg=audit(1454632967.188:3624): avc:  denied  { dac_override } for  pid=19864 comm="ceph-osd" capability=1  scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability
type=AVC msg=audit(1454632971.385:3635): avc:  denied  { dac_override } for  pid=20353 comm="ceph-osd" capability=1  scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability
type=AVC msg=audit(1454633045.627:3777): avc:  denied  { dac_override } for  pid=21709 comm="ceph-osd" capability=1  scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 
type=AVC msg=audit(1454632981.199:3759): avc:  denied  { dac_override } for  pid=20811 comm="ceph-osd" capability=1  scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 
type=AVC msg=audit(1454632980.825:3756): avc:  denied  { dac_override } for  pid=20786 comm="ceph-osd" capability=1  scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 
type=AVC msg=audit(1454633048.389:3783): avc:  denied  { dac_override } for  pid=22052 comm="ceph-osd" capability=1  scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability', 
type=AVC msg=audit(1454632903.971:3609): avc:  denied  { dac_override } for  pid=19076 comm="ceph-osd" capability=1  scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:system_r:ceph_t:s0 tclass=capability']

I think this is happening because we run ceph-osd in ceph-disk a couple of times without telling it to use ceph user/group.