Bug 1382319
| Summary: | [RHEL6] SELinux prevents FUSE mounting of RDMA transport type volumes | |||
|---|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Anoop C S <anoopcs> | |
| Component: | rdma | Assignee: | Anoop C S <anoopcs> | |
| Status: | CLOSED ERRATA | QA Contact: | Byreddy <bsrirama> | |
| Severity: | high | Docs Contact: | ||
| Priority: | high | |||
| Version: | rhgs-3.1 | CC: | amukherj, rcyriac, rhinduja, rhs-bugs, rwheeler | |
| Target Milestone: | --- | |||
| Target Release: | RHGS 3.2.0 | |||
| Hardware: | x86_64 | |||
| OS: | Linux | |||
| Whiteboard: | ||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | ||
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1384487 (view as bug list) | Environment: | ||
| Last Closed: | 2017-03-23 05:10:31 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | 1388582 | |||
| Bug Blocks: | 1351528 | |||
Verified this bug using:
RHGS: glusterfs-3.8.4-3.
RHEL: RHEL6.8
Selinux version: 3.7.19-303.el6
Reported issue not seen with above packages versions.
"Verification details":
Result with selinux build: 3.7.19-292.el6 // Issue reproduced.
=========================================
AVC messages:
-------------
type=AVC msg=audit(1478855876.567:386280): avc: denied { ipc_lock } for pid=16127 comm="glusterd" capability=14 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:glusterd_t:s0 tclass=capability
type=AVC msg=audit(1478855876.567:386280): avc: denied { ipc_lock } for pid=16127 comm="glusterd" capability=14 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:glusterd_t:s0 tclass=capability
[root@rhs-cli-10 ~]#
Mount failure and messages in mount log:
----------------------------------------
~]# mount -t glusterfs 192.168.1.6:/Dis /mnt
Mount failed. Please check the log file for more details.
[2016-11-11 09:17:56.572425] W [MSGID: 103071] [rdma.c:1294:gf_rdma_cm_event_handler] 0-Dis-client-0: cma event RDMA_CM_EVENT_REJECTED, error 28 (me:192.168.1.6:1021 peer:192.168.1.6:24008)
[2016-11-11 09:18:00.750010] W [MSGID: 103071] [rdma.c:1294:gf_rdma_cm_event_handler] 0-Dis-client-1: cma event RDMA_CM_EVENT_REJECTED, error 28 (me:192.168.1.6:1020 peer:192.168.1.6:24008)
Result with selinux build: 3.7.19-303.el6 // Issue not seen
=========================================
[root@rhs-cli-10 ~]#
[root@rhs-cli-10 ~]# mount -t glusterfs 192.168.1.6:/Dis /mnt
[root@rhs-cli-10 ~]#
Mount happened and no unexpected messages in mount log and audit log.
Moving to verified state.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2017-0484.html |
Description of problem: GlusterFS volumes of RDMA transport fails to fuse mount with following AVCs seen from audit logs: type=AVC msg=audit(1475736079.350:10478): avc: denied { ipc_lock } for pid=2686 comm="glusterfs" capability=14 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:glusterd_t:s0 tclass=capability type=AVC msg=audit(1475736154.614:10485): avc: denied { ipc_lock } for pid=2309 comm="glusterd" capability=14 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:glusterd_t:s0 tclass=capability Version-Release number of selected component (if applicable): Red Hat Gluster Storage Server 3.1 Update 3 Red Hat Enterprise Linux Server release 6.8 (Santiago) How reproducible: Always Steps to Reproduce: 1. Set up RDMA stack based on IPoIB. 2. Make sure that SELinux mode is set to 'Enforcing'. 3. Create a simple 1 brick volume with transport type RDMA 4. Start the volume 5. Try fuse mounting the volume Actual results: Mount failed. Please check the log file for more details. Expected results: Mount should be successful. Additional info: mount log snippet ----------------- [2016-10-06 07:20:48.678876] W [MSGID: 103071] [rdma.c:1294:gf_rdma_cm_event_handler] 0-vol-client-0: cma event RDMA_CM_EVENT_REJECTED, error 28 (me:192.168.1.6:1023 peer:192.168.1.6:24008) Note:- Changing SELinux mode to permissive solves the issue.