Bug 1472171
Summary: | SELinux doesn't allow CTDB to set system resource limits | | |
---|---|---|---|
Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Anoop C S <anoopcs> |
Component: | ctdb | Assignee: | Anoop C S <anoopcs> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Vivek Das <vdas> |
Severity: | medium | Docs Contact: | |
Priority: | unspecified | | |
Version: | rhgs-3.3 | CC: | amukherj, gdeschner, rhinduja, rhs-smb, sheggodu |
Target Milestone: | --- | | |
Target Release: | RHGS 3.4.0 | | |
Hardware: | x86_64 | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | selinux-policy-3.13.1-174.el7 | Doc Type: | Bug Fix |

Doc Text:
Cause: Under 'Enforcing' mode, the SELinux policy doesn't allow CTDB to change the resource limit for the maximum number of open files via the configuration parameter CTDB_MAX_OPEN_FILES.
Consequence: With a higher number of client connections to the Samba-CTDB cluster, CTDB fails to operate, with a "too many open files" warning, as the resource limit cannot be changed.
Fix: Updated the SELinux policy to allow CTDB to change the resource limit based on its configuration parameters.
Result: CTDB's resource limit for the maximum number of open files can be changed with an increasing number of clients.

: | 1491235 | Environment: | |
Last Closed: | 2018-09-06 04:18:01 UTC | Type: | Bug | |
Bug Depends On: | 1491235 | |||
Bug Blocks: | 1503134 |
Description
Anoop C S
2017-07-18 08:27:52 UTC
Followed the steps to reproduce

1. Have a RHGS Samba-CTDB setup.
2. Make sure that SELinux is set to 'Enforcing'.
   # getenforce
   Enforcing
3. Add the following to /etc/sysconfig/ctdb.
   CTDB_MAX_OPEN_FILES=16384
4. Start/Re-start ctdb service.
5. Check the resource limit.
   # cat /proc/`pgrep ctdbd`/limits | grep "open files"
   Max open files 1024 4096 files
6. Check audit logs for AVC on sys_resource

No AVCs are present in audit logs and resource limits are updated.

cat /proc/`pgrep ctdbd`/limits | grep "open files"
Max open files 16384 16384 files

Version
selinux-policy-targeted-3.13.1-189.el7.noarch
samba-4.7.5-101.el7rhgs.x86_64
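
The check from the steps above as a script, added here as an example and not part of the bug report: it compares CTDB_MAX_OPEN_FILES with the soft limit in a copy of /proc/<pid>/limits and counts sys_resource AVC denials logged for ctdbd. The function names are hypothetical, and the sample limits and audit lines are constructed (the audit record layout and the ctdbd_t context in it are assumptions); on a live system pass /etc/sysconfig/ctdb, the ctdbd limits file and the audit log instead.

```shell
#!/bin/sh
# Added example (not from the bug report). File paths are arguments so the
# checks can run against the live system or against saved copies.

# Value of CTDB_MAX_OPEN_FILES in a sysconfig-style file (last assignment wins).
configured_limit() {
    awk -F= '/^[ \t]*CTDB_MAX_OPEN_FILES=/ {
        sub(/#.*/, "", $2); gsub(/[^0-9]/, "", $2); v = $2 }
        END { if (v != "") print v }' "$1"
}

# Soft "Max open files" limit from a copy of /proc/<pid>/limits.
soft_open_files_limit() {
    awk '/^Max open files/ { print $4 }' "$1"
}

# Number of AVC denials of the sys_resource permission logged for ctdbd.
sys_resource_denials() {
    awk '/avc:/ && /denied/ && /comm="ctdbd"/ &&
         /[{][^}]* sys_resource [^}]*[}]/ { n++ } END { print n + 0 }' "$1"
}

# Verdict for: <sysconfig file> <limits file> <audit log>
check_ctdb_limit() {
    want=$(configured_limit "$1")
    have=$(soft_open_files_limit "$2")
    denied=$(sys_resource_denials "$3")
    if [ -z "$want" ]; then echo "NOT_CONFIGURED"
    elif [ "$denied" -gt 0 ]; then echo "DENIED want=$want have=$have avc=$denied"
    elif [ "$have" = "$want" ]; then echo "OK want=$want have=$have"
    else echo "MISMATCH want=$want have=$have"
    fi
}

# Constructed sample inputs: one set before and one after the policy fix.
make_samples() {
    printf 'CTDB_MAX_OPEN_FILES=16384\n' > "$1/ctdb"
    printf 'Max open files            1024                 4096                 files\n' > "$1/limits.before"
    printf 'Max open files            16384                16384                files\n' > "$1/limits.after"
    printf '%s\n' 'type=AVC msg=audit(1500366472.000:100): avc:  denied  { sys_resource } for  pid=4242 comm="ctdbd" capability=24  scontext=system_u:system_r:ctdbd_t:s0 tcontext=system_u:system_r:ctdbd_t:s0 tclass=capability' > "$1/audit.before"
    : > "$1/audit.after"
}

d=$(mktemp -d)
make_samples "$d"
check_ctdb_limit "$d/ctdb" "$d/limits.before" "$d/audit.before"
check_ctdb_limit "$d/ctdb" "$d/limits.after" "$d/audit.after"
rm -rf "$d"
```

A DENIED verdict corresponds to the state described under Cause, and OK to the state described under Result.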