Bug 1432783
Summary: | Selinux denying sanlock access to /rhev/data-center/mnt/server:_path/uuid/dom_md/ids mounted using nfs v4.2 | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Nir Soffer <nsoffer> |
Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | 7.3 | CC: | bmcclain, jniederm, lvrabec, mgrepl, mmalik, plautrba, pvrabec, snagar, ssekidde, ykaul, ylavi |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2017-08-01 15:24:23 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1406398 |
Description
Nir Soffer
2017-03-16 07:56:06 UTC
Hi Lukas, can you explain the fix to this bug? What is the expected behavior after this fix? Can you suggest 7.3.z? This is blocking the NFS 4.2 support in RHV. (In reply to Nir Soffer from comment #3) > Hi Lukas, can you explain the fix to this bug? > I created boolean which can be enabled if you would like to mount via NFS your homedir. > What is the expected behavior after this fix? Sanlock can access to homedirs. (In reply to Lukas Vrabec from comment #6) > I created boolean which can be enabled if you would like to mount via NFS > your homedir. This fix is only relevant for the use case of sharing directories under /home. For rhev, we need to consume anything on an NFS server which the server admin provides, so boolean for /home is not a general solution. It looks like relabeling the shared directories with nfs_t works, and we can document this requirement. But what about nfs server which does not support selinux? do we have a way to disable selinux on the mount, keeping the behavior similar to nfs < v4.2? *** Bug 1414798 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1861 |