Bug 1496492

Summary: Enable SELinux on CephFS
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Greg Farnum <gfarnum>
Component: DistributionAssignee: Jeff Layton <jlayton>
Status: CLOSED DUPLICATE QA Contact: Tejas <tchandra>
Severity: low Docs Contact:
Priority: low    
Version: 1.3.3CC: anharris, flucifre, gmeno, jlayton, lvrabec, me, mhackett, mmalik, pasik, pdonnell, plautrba, rperiyas, sostapov, ssekidde, uboppana
Target Milestone: rc   
Target Release: 4.1   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1812948 1814668 1814689 (view as bug list) Environment:
Last Closed: 2020-04-06 17:20:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1632385, 1715572, 1814668    
Bug Blocks: 1812948, 1814689    

Description Greg Farnum 2017-09-27 15:04:09 UTC 
Description of problem: CephFS supports ACLs in the security namespace, but SELinux refuses to run on it.

Nobody on our team is very clear on what needs to be done to make SELinux happy, so I was asked to create this ticket.
Comment 4 Lukas Vrabec 2017-09-29 07:59:37 UTC 
CephFS team is working on own SELinux policy module. We don't have any ceph related policy in rhel. Maybe we could ask them.
Comment 13 Giridhar Ramaraju 2019-08-05 13:06:16 UTC 
Updating the QA Contact to a Hemant. Hemant will be rerouting them to the appropriate QE Associate. 

Regards,
Giri
Comment 14 Giridhar Ramaraju 2019-08-05 13:08:57 UTC 
Updating the QA Contact to a Hemant. Hemant will be rerouting them to the appropriate QE Associate. 

Regards,
Giri
Comment 17 Federico Lucifredi 2020-03-10 05:21:37 UTC 
4.1 will start on 8.1 and be smoke-tested with 8.2 later. The rigorous testing will be on 8.1

let's keep the target at 4.1. This is low-risk and earlier delivery helps us with validation (we can get other teams to pitch in).  We can label it a tech preview to isolate the team from production expectations. 

Adding Gfarnum. Tracking in Trello for visibility.
Comment 23 Jeff Layton 2020-03-20 12:06:22 UTC 
This is not going to make RHEL8.2. The associated kernel/selinux-policy bugs have been moved out to RHEL8.3.