Bug 1399698
Summary: | AVCs seen when ganesha cluster nodes are rebooted | |||
---|---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Arthy Loganathan <aloganat> | |
Component: | common-ha | Assignee: | Kaleb KEITHLEY <kkeithle> | |
Status: | CLOSED ERRATA | QA Contact: | Arthy Loganathan <aloganat> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | rhgs-3.2 | CC: | aloganat, amukherj, dang, ffilz, jthottan, kkeithle, mbenjamin, mgrepl, mmalik, msaini, rcyriac, rhinduja, rhs-bugs, sbhaloth, skoduri, sraj, storage-qa-internal | |
Target Milestone: | --- | |||
Target Release: | RHGS 3.2.0 | |||
Hardware: | x86_64 | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | selinux-policy-3.13.1-102.el7_3.12 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1400493 (view as bug list) | Environment: | ||
Last Closed: | 2017-03-23 05:52:24 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | 1408125 | |||
Bug Blocks: | 1351528 |
Description
Arthy Loganathan
2016-11-29 15:16:22 UTC
Does this workaround help? # cat bz1399698.te policy_module(bz1399698,1.0) require { type glusterd_t; type init_t; class service { stop }; } allow glusterd_t init_t : service { stop }; # make -f /usr/share/selinux/devel/Makefile Compiling targeted bz1399698 module /usr/bin/checkmodule: loading policy configuration from tmp/bz1399698.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 17) to tmp/bz1399698.mod Creating targeted bz1399698.pp policy package rm tmp/bz1399698.mod.fc tmp/bz1399698.mod # semodule -i bz1399698.pp # The /usr/share/selinux/devel/Makefile comes from selinux-policy-devel package. With this local fix suggested, I have tried running the test and the issue is not seen. However, I assume functionality is not getting impacted with this AVC and its seen intermittently. Checked on rhel 6.8 [root@dhcp37-156 core]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.8 (Santiago) [root@dhcp37-156 core]# rpm -qa | grep selinux libselinux-2.0.94-7.el6.x86_64 selinux-policy-targeted-3.7.19-292.el6_8.2.noarch libselinux-python-2.0.94-7.el6.x86_64 libselinux-utils-2.0.94-7.el6.x86_64 selinux-policy-3.7.19-292.el6_8.2.noarch No AVC's were observed on reboot of 2 ganesha node out of 4 node Verified the fix in build and no AVCs are seen while rebooting the nodes. nfs-ganesha-gluster-2.4.1-6.el7rhgs.x86_64 nfs-ganesha-2.4.1-6.el7rhgs.x86_64 glusterfs-ganesha-3.8.4-12.el7rhgs.x86_64 selinux-policy-3.13.1-102.el7_3.13.noarch Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2017-0486.html |