Bug 1463641

Looking at all the various selinux-policy packages in RHEL and Fedora, there are policies for glusterd and nfs-ganesha in selinux-policy for RHEL7.3.z, RHEL7.4, and Fedora 26 and 27.

Since they're not in Fedora 25 (and before I saw that they're in F26 and F27) I was tempted lift the policy bits from RHEL7 and add -selinux subpackages to gluster and nfs-ganesha. I'm not sure that's a good idea though at this point.

In the mean time it appears that all I need to do is add either
  semanage boolean -m ganesha_use_fusefs --on
or the
  %selinux_{set,unset}_booleans
to %post ganesha and %postun ganesha in the glusterfs.spec.

for Fedora 26 and later. Until {RHEL,CentOS} 7.4 ships this can't be added for RHEL as rpm packaging is not able to discriminate between there are no CentOS Z-Stream releases and rpm packages don't distinguish between 7.3 and 7.4

REVIEW: https://review.gluster.org/17597 (common-ha: enable and disable selinux ganesha_use_fusefs) posted (#1) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)

REVIEW: https://review.gluster.org/17597 (common-ha: enable and disable selinux ganesha_use_fusefs) posted (#2) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)

REVIEW: https://review.gluster.org/17597 (common-ha: enable and disable selinux ganesha_use_fusefs) posted (#3) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)

COMMIT: https://review.gluster.org/17597 committed in release-3.10 by Kaleb KEITHLEY (kkeithle) 
------
commit 5ad6e1e07f5304deb022ebd54dbbdac6f9c651fb
Author: Kaleb S. KEITHLEY <kkeithle>
Date:   Wed Jun 21 10:01:20 2017 -0400

    common-ha: enable and disable selinux ganesha_use_fusefs
    
    Starting in Fedora 26 and RHEL 7.4 there are new targeted policies
    in selinux which include a tuneable to allow ganesha.nfsd to access
    the gluster (FUSE) shared_storage volume where ganesha maintains its
    state.
    
    N.B. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4
    so it can't be enabled for RHEL at this time. /usr/sbin/semanage is
    in policycoreutils-python in RHEL (versus policycoreutils-python-utils
    in Fedora.) Once RHEL 7.4 GAs we may also wish to specify the version
    for RHEL 7 explicitly, i.e.
      Requires: selinux-policy >= 3.13.1-160.
    But beware, the corresponding version in Fedora 26 seems to be
    selinux-policy-3.13.1.258 or so. (Maybe earlier versions, but that's
    what's currently in the F26 beta.
    
    release-3.10 is the upstream master branch for glusterfs-ganesha. For
    release-3.11 and later storhaug needs a similar change, which is
    tracked by https://github.com/linux-ha-storage/storhaug/issues/11
    
    Maybe at some point we would want to consider migrating the targeted
    policies for glusterfs (and nfs-ganesha) from selinux-policy to a
    glusterfs-selinux (and nfs-ganesha-selinux) subpackage?
    
    Change-Id: I04a5443edd00636cbded59a2baddfa98095bf7ac
    BUG: 1463641
    Signed-off-by: Kaleb S. KEITHLEY <kkeithle>
    Reviewed-on: https://review.gluster.org/17597
    Smoke: Gluster Build System <jenkins.org>
    Reviewed-by: Niels de Vos <ndevos>
    Reviewed-by: jiffin tony Thottan <jthottan>
    CentOS-regression: Gluster Build System <jenkins.org>

This bug reported is against a version of Gluster that is no longer maintained (or has been EOL'd). See https://www.gluster.org/release-schedule/ for the versions currently maintained.

As a result this bug is being closed.

If the bug persists on a maintained version of gluster or against the mainline gluster repository, request that it be reopened and the Version field be marked appropriately.