Bug 1282336

Summary: Ansible installer needs to turn on selinux boolean 'virt_sandbox_use_fusefs'
Product: OpenShift Container Platform
Component: Installer
Version: 3.1.0
Status: CLOSED ERRATA
Severity: medium
Priority: medium
Hardware: Unspecified
OS: Unspecified
Reporter: Jianwei Hou <jhou>
Assignee: Jason DeTiberus <jdetiber>
QA Contact: Ma xiaoqiang <xiama>
CC: aos-bugs, bleanhar, jokerman, mmccomas, pruan, xtian
Doc Type: Bug Fix
Type: Bug
Last Closed: 2015-12-17 21:19:32 UTC

Description Jianwei Hou 2015-11-16 07:31:47 UTC
Description of problem:
Set up OSE with the ansible installer. When creating a non-privileged container with a glusterfs mount, the container cannot access the mount dir, even if the directory access mode and ownership are properly set. On the node, the selinux boolean virt_sandbox_use_fusefs is off. After it is turned on, things work as expected.

Version-Release number of selected component (if applicable):
openshift v3.1.0.4-9-g72d3991
kubernetes v1.1.0-origin-1107-g4c8e6f4
etcd 2.1.2

How reproducible:
Always

Steps to Reproduce:
1. Install OSE using ansible
2. Create a non privileged pod with glusterfs mount
3. In the pod, access the mount dir
4. On the node where the pod is scheduled, run 'getsebool virt_sandbox_use_fusefs'
5. On the node, 'setsebool -P virt_sandbox_use_fusefs 1'
6. Repeat step 3

Actual results:
After step 3: Got permission denied problem

After step 4: 
[root@openshift-117 ~]# getsebool virt_sandbox_use_fusefs
virt_sandbox_use_fusefs --> off

After step 6:
Reading/writing the directory was successful.

Expected results:
The ansible installer should have selinux boolean 'virt_sandbox_use_fusefs' turned on.

Additional info:
Also see https://bugzilla.redhat.com/show_bug.cgi?id=1231936
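
Steps 4 and 5 above, combined into an idempotent node check, as an added example that is not part of the original report and not the code from the openshift-ansible fix. The function names and the `--apply` flag are hypothetical; the sample lines are constructed to match the `getsebool` output quoted in the report.

```shell
#!/bin/sh
# Added example: check and persistently enable the SELinux boolean from this bug.
BOOL=virt_sandbox_use_fusefs

# Parse `getsebool` output ("name --> on|off") and print the state.
# Prints "unknown" for any other text (SELinux disabled, boolean missing, ...).
sebool_state() {
    # $1 = boolean name, $2 = captured getsebool output
    printf '%s\n' "$2" | awk -v b="$1" '
        $1 == b && $2 == "-->" && ($3 == "on" || $3 == "off") {
            print $3; found = 1; exit
        }
        END { if (!found) print "unknown" }'
}

# Map the parsed state to the action the node needs.
needed_action() {
    case "$(sebool_state "$1" "$2")" in
        on)  echo none ;;
        off) echo enable ;;
        *)   echo investigate ;;
    esac
}

# Run on the node as root: only calls setsebool when the boolean is off.
ensure_bool() {
    out=$(getsebool "$BOOL" 2>&1)
    case "$(needed_action "$BOOL" "$out")" in
        none)   echo "$BOOL already on" ;;
        enable) setsebool -P "$BOOL" 1 && echo "$BOOL enabled (persistent)" ;;
        *)      echo "cannot determine state of $BOOL: $out" >&2; return 2 ;;
    esac
}

# Constructed sample matching the output shown under "After step 4".
SAMPLE_OFF='virt_sandbox_use_fusefs --> off'

# Hypothetical flag: nothing is changed unless the script is run with --apply.
if [ "${1:-}" = "--apply" ]; then
    ensure_bool
fi
```

The `-P` option writes the value to the policy store so it survives a reboot, which is why the check only needs to pass once per node.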

Comment 1 Jason DeTiberus 2015-11-16 16:26:41 UTC
https://github.com/openshift/openshift-ansible/pull/903

Comment 2 Jianwei Hou 2015-11-17 05:49:54 UTC
Installed OSE with the ansible installer with the above fix; now 'virt_sandbox_use_fusefs' is turned on. I'll mark this bug as verified when this PR is merged.

Comment 3 Jianwei Hou 2015-11-18 02:22:05 UTC
The PR is already merged; this bug is verified as described in comment 2.

Comment 5 errata-xmlrpc 2015-12-17 21:19:32 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2015:2667