Bug 1240247

Summary: To document the SELinux context permission for /var/run/ctdb and ctdb_wrapper in case of deletion of the existing directory.
Product: [Red Hat Storage] Red Hat Gluster Storage Reporter: surabhi <sbhaloth>
Component: Documentation Assignee: Bhavana <bmohanra>
Status: CLOSED NOTABUG QA Contact: storage-qa-internal <storage-qa-internal>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rhgs-3.1 CC: asriram, madam, nlevinki, rhs-bugs, storage-doc
Target Milestone: ---   
Target Release: RHGS 3.1.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-07-09 09:03:23 UTC Type: Bug

Description surabhi 2015-07-06 10:54:42 UTC
Document URL: 

Need to document the SELinux permission context to be set on ctdb_wrapper:

ctdbd_wrapper is a wrapper around ctdbd which sets a few command line options for ctdbd and also creates /var/run/ctdb if it does not exist. ctdbd_wrapper is the recommended and supported way of starting ctdbd.
The setting is required for ctdbd_wrapper.

Commands to be added in ctdb spec file in post install:
#semanage fcontext -a -t ctdbd_exec_t /usr/sbin/ctdbd_wrapper 
#restorecon -R -v /usr/sbin/ctdbd_wrapper 
"/usr/sbin/" should be replaced accordingly.

Fix will be available in the ctdb package.
If the directory /var/run/ctdb is deleted, then the following commands have to be executed:

#semanage fcontext -a -t ctdbd_exec_t /usr/sbin/ctdbd_wrapper 
#restorecon -R -v /usr/sbin/ctdbd_wrapper


#semanage fcontext -a -t ctdbd_t /var/run/ctdb
#restorecon -R -v /var/run/ctdb


Comment 2 Michael Adam 2015-07-09 08:44:15 UTC
With the latest updates to the CTDB rpm (see bug #1235613), is this necessary any more? ctdbd_wrapper gets the context by that RPM now.

/var/run/ctdb has the desired context from the policy already as it seems.
So what remains to be documented, if I got everything right, is to run restorecon on /var/run/ctdb, if the directory has been recreated manually.

Comment 3 Michael Adam 2015-07-09 09:03:23 UTC
(In reply to Michael Adam from comment #2)
> With the latest updates to the CTDB rpm (see bug #1235613), is this
> necessary any more? ctdbd_wrapper gets the context by that RPM now.
> 
> /var/run/ctdb has the desired context from the policy already as it seems.
> So what remains to be documented, if I got everything right, is to run
> restorecon on /var/run/ctdb, if the directory has been recreated manually.

Ok, update: After discussing with Surabhi, we agree that we can't document all steps to be taken in case human intervention messes something up. I.e. we don't need to document anything, since the package now works as desired.
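
The case Comment 2 leaves open (a manually recreated /var/run/ctdb) can be checked before relabeling by asking the loaded policy what the label should be. The script below is an added example, not part of this bug or of the ctdb package: it parses the output of `matchpathcon -V` and calls `restorecon` only on a mismatch. The sample lines are constructed, and `POLICY_TYPE` is a placeholder for whatever type the installed policy assigns.

```shell
#!/bin/sh
# Added example: decide from `matchpathcon -V` output whether a path
# needs restorecon. Helper names are hypothetical.

# label_type CONTEXT -> type field of user:role:type:level
label_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# check_line LINE -> "ok PATH" or "relabel PATH CURRENT_TYPE EXPECTED_TYPE"
check_line() {
    line=$1
    case $line in
        *" verified.")
            printf 'ok %s\n' "${line% verified.}" ;;
        *" has context "*", should be "*)
            path=${line%% has context *}
            rest=${line#* has context }
            cur=${rest%%, should be *}
            want=${rest#*, should be }
            printf 'relabel %s %s %s\n' "$path" \
                "$(label_type "$cur")" "$(label_type "$want")" ;;
        *)
            printf 'unknown %s\n' "$line"
            return 2 ;;
    esac
}

# relabel_if_needed PATH -> runs restorecon only when policy disagrees.
# Needs root and the libselinux/policycoreutils tools on the host.
relabel_if_needed() {
    # matchpathcon exits non-zero on a mismatch, which is expected here
    out=$(matchpathcon -V "$1" 2>&1) || true
    verdict=$(check_line "$out") || return 2
    case $verdict in
        relabel*) restorecon -R -v "$1" ;;
    esac
    printf '%s\n' "$verdict"
}

# Constructed sample lines: one correctly labeled path, and a directory
# recreated by hand that inherited its parent's type.
check_line '/usr/sbin/ctdbd_wrapper verified.'
check_line '/var/run/ctdb has context unconfined_u:object_r:var_run_t:s0, should be system_u:object_r:POLICY_TYPE:s0'
```

On a cluster node, `relabel_if_needed /var/run/ctdb` reports `ok` when the RPM and policy have already applied the right label, so nothing is changed.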