Back to bug 1294762

Who When What Removed Added
Red Hat Bugzilla Rules Engine 2015-12-30 07:40:47 UTC Keywords ZStream
Humble Chirammal 2015-12-31 06:48:44 UTC CC ssampat
Flags needinfo?(ssampat)
Humble Chirammal 2015-12-31 09:40:35 UTC Assignee sankarshan mliyazud
Humble Chirammal 2015-12-31 10:41:45 UTC Status NEW ASSIGNED
Shruti Sampat 2016-01-04 11:53:56 UTC Flags needinfo?(ssampat)
Mohamed Ashiq 2016-02-01 07:05:07 UTC Blocks 1303514
sankarshan 2016-02-03 06:10:22 UTC CC sankarshan
Rejy M Cyriac 2016-02-03 11:28:20 UTC CC rcyriac
Rejy M Cyriac 2016-02-03 16:03:44 UTC Blocks 1303514
Rejy M Cyriac 2016-02-03 16:04:11 UTC Depends On 1303514
Rejy M Cyriac 2016-02-03 16:15:59 UTC Flags needinfo?(mliyazud)
Mohamed Ashiq 2016-02-04 11:34:22 UTC Flags needinfo?(mliyazud)
Rejy M Cyriac 2016-02-04 12:04:50 UTC Flags needinfo?(mliyazud)
Mohamed Ashiq 2016-02-04 16:49:23 UTC Flags needinfo?(mliyazud) needinfo?(ssampat)
Rejy M Cyriac 2016-02-08 04:23:47 UTC Blocks 1268895
Laura Bailey 2016-02-09 01:21:59 UTC Flags needinfo?(mliyazud)
Mohamed Ashiq 2016-02-09 08:19:08 UTC Flags needinfo?(ssampat) needinfo?(mliyazud)
Laura Bailey 2016-02-10 01:58:27 UTC Doc Text When the Red Hat Gluster Storage Container is deployed on Red Hat Enterprise Atomic Host, SELinux policy labels the /var/log/glusterfs directory as svirt_sandbox_file_t. Logrotate cannot run on files with this label, and logs AVC denials when log rotation is attempted on files in /var/log/glusterfs. This means that Red Hat Gluster Storage logs cannot currently be rotated, and could potentially fill up and consume a large amount of storage as a result. Correcting this requires updates to the selinux-policy package. In the meantime, you can work around this issue by resetting the label of /var/log/glusterfs after the host volume is bind mounted inside the container.

Workaround:

Start the container:
# docker run ... -v /var/log/glusterfs:/var/log/glusterfs:z ... <image_name>
# docker exec -it <container_id> /bin/bash

In the container, run the following command to manually apply the appropriate SELinux label.
# chcon -Rt glusterd_log_t /var/log/glusterfs

Note that this workaround cannot persist to subsequent docker runs, and must be performed for each docker run.
Doc Type Bug Fix Known Issue
Flags needinfo?(mliyazud)
Mohamed Ashiq 2016-02-10 13:28:40 UTC Flags needinfo?(mliyazud) needinfo?(hchiramm)
Rejy M Cyriac 2016-02-19 16:53:04 UTC Blocks 1299184
sankarshan 2016-02-24 05:06:21 UTC Flags needinfo?(hchiramm)
Rejy M Cyriac 2016-03-08 10:11:36 UTC Blocks 1299184
Mohamed Ashiq 2016-09-23 08:03:56 UTC Status ASSIGNED ON_QA
CC annair
Flags needinfo?(annair)
Anoop 2016-10-16 12:16:34 UTC Flags needinfo?(annair)
Michael Adam 2016-10-18 11:43:01 UTC Blocks 1385246
Michael Adam 2016-10-19 16:47:49 UTC CC madam
Red Hat Bugzilla Rules Engine 2016-10-19 22:05:22 UTC Target Release --- Container-Native Storage 3.4
Mohamed Ashiq 2016-10-25 10:52:49 UTC Flags needinfo?(pprakash)
Mohamed Ashiq 2016-10-25 10:55:23 UTC Flags needinfo?(pprakash)
Prasanth 2016-11-24 11:12:20 UTC See Also https://bugzilla.redhat.com/show_bug.cgi?id=1396894
QA Contact annair pprakash
Prasanth 2016-11-24 11:13:19 UTC Depends On 1396894
Michael Adam 2016-12-13 20:30:03 UTC Doc Text When the Red Hat Gluster Storage Container is deployed on Red Hat Enterprise Atomic Host, SELinux policy labels the /var/log/glusterfs directory as svirt_sandbox_file_t. Logrotate cannot run on files with this label, and logs AVC denials when log rotation is attempted on files in /var/log/glusterfs. This means that Red Hat Gluster Storage logs cannot currently be rotated, and could potentially fill up and consume a large amount of storage as a result. Correcting this requires updates to the selinux-policy package. In the meantime, you can work around this issue by resetting the label of /var/log/glusterfs after the host volume is bind mounted inside the container.

Workaround:

Start the container:
# docker run ... -v /var/log/glusterfs:/var/log/glusterfs:z ... <image_name>
# docker exec -it <container_id> /bin/bash

In the container, run the following command to manually apply the appropriate SELinux label.
# chcon -Rt glusterd_log_t /var/log/glusterfs

Note that this workaround cannot persist to subsequent docker runs, and must be performed for each docker run.
Doc Type Known Issue Bug Fix
krishnaram Karthick 2017-01-02 09:48:52 UTC Status ON_QA VERIFIED
CC kramdoss
errata-xmlrpc 2017-01-18 14:55:31 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2017-01-18 14:58:44 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2017-01-18 09:58:44 UTC

Back to bug 1294762