Back to bug 1238404
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Soumya Koduri | 2015-07-02 09:11:01 UTC | CC | skoduri | |
| Niels de Vos | 2015-07-02 14:19:15 UTC | Status | NEW | ASSIGNED |
| Niels de Vos | 2015-07-02 15:32:54 UTC | CC | ssampat | |
| Flags | needinfo?(ssampat) | |||
| Shruti Sampat | 2015-07-03 07:08:52 UTC | Flags | needinfo?(ssampat) | |
| Niels de Vos | 2015-07-03 08:10:47 UTC | Flags | needinfo?(ssampat) | |
| Shruti Sampat | 2015-07-03 09:54:45 UTC | Flags | needinfo?(ssampat) | |
| Niels de Vos | 2015-07-03 18:40:38 UTC | Flags | needinfo?(ssampat) | |
| Shruti Sampat | 2015-07-04 04:54:35 UTC | Flags | needinfo?(ssampat) | |
| Niels de Vos | 2015-07-04 08:32:18 UTC | Summary | autogen.sh for glusterfs hangs on gluster-nfs mount | SElinux prevents Gluster/NFS from connecting to RPC services on NFS-clients |
| Niels de Vos | 2015-07-04 08:35:14 UTC | Blocks | 1212796 | |
| Niels de Vos | 2015-07-04 09:00:40 UTC | CC | pprakash | |
| Flags | needinfo?(pprakash) | |||
| Prasanth | 2015-07-06 06:33:10 UTC | Flags | needinfo?(pprakash) | |
| Prasanth | 2015-07-06 06:34:21 UTC | Summary | SElinux prevents Gluster/NFS from connecting to RPC services on NFS-clients | [SELinux] SElinux prevents Gluster/NFS from connecting to RPC services on NFS-clients |
| Alok | 2015-07-06 11:38:04 UTC | CC | asrivast | |
| Anoop | 2015-07-06 11:38:30 UTC | CC | annair | |
| Vivek Agarwal | 2015-07-06 14:22:24 UTC | Priority | unspecified | high |
| CC | vagarwal | |||
| Blocks | 1202842 | |||
| Red Hat Bugzilla Rules Engine | 2015-07-06 14:25:19 UTC | Target Release | --- | RHGS 3.1.0 |
| Prasanth | 2015-07-07 08:37:12 UTC | CC | mgrepl, mmalik | |
| Prasanth | 2015-07-07 09:42:28 UTC | Blocks | 1240583 | |
| Prasanth | 2015-07-07 09:43:05 UTC | Blocks | 1240584 | |
| Prasanth | 2015-07-07 11:01:59 UTC | Flags | needinfo?(ssampat) | |
| Shruti Sampat | 2015-07-07 16:24:30 UTC | Flags | needinfo?(ssampat) | |
| Prasanth | 2015-07-09 10:48:35 UTC | Blocks | 1240583, 1240584 | |
| Depends On | 1240583 | |||
| Rejy M Cyriac | 2015-07-14 12:45:51 UTC | CC | rcyriac | |
| Prasanth | 2015-07-16 07:47:06 UTC | Flags | needinfo?(ssampat) | |
| Shruti Sampat | 2015-07-17 07:42:09 UTC | Flags | needinfo?(ssampat) | needinfo?(pprakash) |
| Prasanth | 2015-07-17 11:17:08 UTC | Flags | needinfo?(pprakash) | needinfo?(ssampat) |
| Prasanth | 2015-07-17 11:17:47 UTC | Depends On | 1240584 | |
| Prasanth | 2015-07-17 15:08:09 UTC | QA Contact | storage-qa-internal | ssampat |
| Vivek Agarwal | 2015-07-20 13:13:38 UTC | Status | ASSIGNED | MODIFIED |
| Prasanth | 2015-07-20 17:30:40 UTC | Fixed In Version | selinux-policy-3.13.1-34.el7 | |
| Vivek Agarwal | 2015-07-21 05:56:23 UTC | Status | MODIFIED | ON_QA |
| Shruti Sampat | 2015-07-21 09:00:38 UTC | Flags | needinfo?(ssampat) | needinfo?(pprakash) |
| Prasanth | 2015-07-21 09:28:27 UTC | Status | ON_QA | MODIFIED |
| Fixed In Version | selinux-policy-3.13.1-34.el7 | |||
| Flags | needinfo?(pprakash) | |||
| Prasanth | 2015-07-21 09:29:48 UTC | Summary | [SELinux] SElinux prevents Gluster/NFS from connecting to RPC services on NFS-clients | [SELinux] SElinux prevents Gluster/NFS from connecting to RPC services on NFS-clients (RHEL-6.7) |
| errata-xmlrpc | 2015-07-21 10:00:17 UTC | Status | MODIFIED | ON_QA |
| Vivek Agarwal | 2015-07-21 10:39:58 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-22 02:47:10 UTC | Status | MODIFIED | ON_QA |
| Rejy M Cyriac | 2015-07-22 04:01:40 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-22 07:32:09 UTC | Status | MODIFIED | ON_QA |
| Rejy M Cyriac | 2015-07-22 09:50:52 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-22 13:54:09 UTC | Status | MODIFIED | ON_QA |
| Vivek Agarwal | 2015-07-22 14:40:27 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-23 10:16:33 UTC | Status | MODIFIED | ON_QA |
| Vivek Agarwal | 2015-07-23 11:38:30 UTC | Blocks | 1202842 | |
| Vivek Agarwal | 2015-07-23 11:44:48 UTC | Status | ON_QA | MODIFIED |
| errata-xmlrpc | 2015-07-24 11:58:36 UTC | Status | MODIFIED | ON_QA |
| Vivek Agarwal | 2015-07-24 12:00:46 UTC | Status | ON_QA | MODIFIED |
| Vivek Agarwal | 2015-07-27 07:23:02 UTC | Blocks | 1216951 | |
| Vivek Agarwal | 2015-07-27 09:11:04 UTC | Doc Type | Bug Fix | Known Issue |
| Red Hat Bugzilla | 2015-07-27 09:11:04 UTC | Doc Type | Known Issue | Bug Fix |
| Vivek Agarwal | 2015-07-27 09:11:31 UTC | Doc Text | workaround: | |
| Doc Type | Bug Fix | Known Issue | ||
| Apeksha | 2015-07-27 11:57:57 UTC | CC | akhakhar | |
| Doc Text | workaround: | As per the bug, you will see AVC's denied flag for glusterfs command. For example: type=AVC msg=audit(1435997568.099:13230): avc: denied { name_connect } for pid=16323 comm="glusterfs" dest=111 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket |
||
| Apeksha | 2015-07-27 11:58:53 UTC | Doc Text | As per the bug, you will see AVC's denied flag for glusterfs command. For example: type=AVC msg=audit(1435997568.099:13230): avc: denied { name_connect } for pid=16323 comm="glusterfs" dest=111 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket | As per the bug, you will see AVC's denied flag for glusterfs command. For example: type=AVC msg=audit(1435997568.099:13230): avc: denied { name_connect } for pid=16323 comm="glusterfs" dest=111 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket In order to rectify this problem, please use the workaround as mentioned below on all the servers: Step1: # cat bz1238404.te policy_module(bz1238404,1.0) require { type glusterd_t; } corenet_tcp_connect_portmap_port(glusterd_t) Step2: # make -f /usr/share/selinux/devel/Makefile Compiling targeted bz1238404 module /usr/bin/checkmodule: loading policy configuration from tmp/bz1238404.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 10) to tmp/bz1238404.mod Creating targeted bz1238404.pp policy package rm tmp/bz1238404.mod tmp/bz1238404.mod.fc Step3: # semodule -i bz1238404.pp |
| Rejy M Cyriac | 2015-08-03 05:48:38 UTC | Status | MODIFIED | ON_QA |
| Fixed In Version | selinux-policy-3.7.19-279.el6_7.1 | |||
| Jiri Herrmann | 2015-08-04 14:13:04 UTC | CC | jherrman | |
| Doc Text | As per the bug, you will see AVC's denied flag for glusterfs command. For example: type=AVC msg=audit(1435997568.099:13230): avc: denied { name_connect } for pid=16323 comm="glusterfs" dest=111 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:portmap_port_t:s0 tclass=tcp_socket In order to rectify this problem, please use the workaround as mentioned below on all the servers: Step1: # cat bz1238404.te policy_module(bz1238404,1.0) require { type glusterd_t; } corenet_tcp_connect_portmap_port(glusterd_t) Step2: # make -f /usr/share/selinux/devel/Makefile Compiling targeted bz1238404 module /usr/bin/checkmodule: loading policy configuration from tmp/bz1238404.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 10) to tmp/bz1238404.mod Creating targeted bz1238404.pp policy package rm tmp/bz1238404.mod tmp/bz1238404.mod.fc Step3: # semodule -i bz1238404.pp | Prior to this update, SELinux unintentionally prevented Gluster from connecting to remote procedure call (RPC) services on NFS clients. This update modifies the relevant SELinux policies, and Gluster now connects to RPC services as expected. | ||
| Shruti Sampat | 2015-08-05 05:48:33 UTC | Status | ON_QA | VERIFIED |
| Vivek Agarwal | 2015-08-10 07:45:28 UTC | Status | VERIFIED | CLOSED |
| Resolution | --- | CURRENTRELEASE | ||
| Last Closed | 2015-08-10 03:45:28 UTC |
Back to bug 1238404