Bug 1544824
| Summary: | [Ganesha] : Cluster creation fails on selinux enabled/enforced nodes. | ||
|---|---|---|---|
| Product: | [Red Hat Storage] Red Hat Gluster Storage | Reporter: | Ambarish <asoman> |
| Component: | nfs-ganesha | Assignee: | Kaleb KEITHLEY <kkeithle> |
| Status: | CLOSED ERRATA | QA Contact: | Manisha Saini <msaini> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | rhgs-3.4 | CC: | amukherj, dang, ffilz, jthottan, kkeithle, mbenjamin, msaini, rhinduja, rhs-bugs, storage-qa-internal |
| Target Milestone: | --- | Keywords: | Regression |
| Target Release: | RHGS 3.4.0 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | glusterfs-3.12.2-5 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-09-04 06:42:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1544852 | ||
| Bug Blocks: | 1503137 | ||
On a fresh install (IIRC) ganesha_use_fusefs is supposed to be "on". For some reason , we do no see this option as "on": [root@gqas004 ~]# getsebool ganesha_use_fusefs ganesha_use_fusefs --> off **Work Around** : Set the boolean manually : [root@gqas004 ~]# setsebool -P ganesha_use_fusefs on [root@gqas004 ~]# getsebool ganesha_use_fusefs ganesha_use_fusefs --> on [root@gqas004 ~]# Cluster creation is successful post this. Verified this BZ with- # rpm -qa | grep ganesha nfs-ganesha-2.5.5-3.el7rhgs.x86_64 nfs-ganesha-gluster-2.5.5-3.el7rhgs.x86_64 glusterfs-ganesha-3.12.2-6.el7rhgs.x86_64 On fresh installation of ganesha packages in 3.4,ganesha_use_fusefs is ON by default.Ganesha cluster creation is successful. # semanage boolean -l | grep ganesha ganesha_use_fusefs (on , on) Allow ganesha to use fusefs Moving this BZ to verified state. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:2607 Setting qe_test_coverage + with no testcase ID,since its been covered as part of every Ganesha test case |
Description of problem: ----------------------- gluster nfs-ganesha enable fails to create a Ganesha HA cluster on latest RHEL 7.5 Snapshot 3. There's an AVC denial when I try to create a cluster : type=AVC msg=audit(1518517089.008:203): avc: denied { search } for pid=14039 comm="ganesha.nfsd" name="/" dev="fuse" ino=1 scontext=system_u:system_r:ganesha_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir From ganesha.log : 13/02/2018 05:18:09 : epoch d6150000 : gqas004.sbu.lab.eng.bos.redhat.com : ganesha.nfsd-14038[main] main :MAIN :EVENT :ganesha.nfsd Starting: Ganesha Version 2.5.5 13/02/2018 05:18:09 : epoch d6150000 : gqas004.sbu.lab.eng.bos.redhat.com : ganesha.nfsd-14039[main] main :NFS STARTUP :CRIT :Error (token scan) while parsing (/etc/ganesha/ganesha.conf) 13/02/2018 05:18:09 : epoch d6150000 : gqas004.sbu.lab.eng.bos.redhat.com : ganesha.nfsd-14039[main] config_errs_to_log :CONFIG :CRIT :Config File (<unknown file>:0): new file (/etc/ganesha/ganesha.conf) open error (Permission denied), ignored 13/02/2018 05:18:09 : epoch d6150000 : gqas004.sbu.lab.eng.bos.redhat.com : ganesha.nfsd-14039[main] main :NFS STARTUP :FATAL :Fatal errors. Server exiting... Version-Release number of selected component (if applicable): ------------------------------------------------------------- [root@gqas004 ~]# rpm -qa|grep ganesha glusterfs-ganesha-3.12.2-3.el7rhgs.x86_64 nfs-ganesha-gluster-2.5.5-2.el7rhgs.x86_64 [root@gqas004 ~]# uname -r 3.10.0-845.el7.x86_64 [root@gqas004 ~]# rpm -qa|grep selinux selinux-policy-targeted-3.13.1-189.el7.noarch libselinux-2.5-12.el7.x86_64 libselinux-utils-2.5-12.el7.x86_64 libselinux-python-2.5-12.el7.x86_64 selinux-policy-3.13.1-189.el7.noarch How reproducible: ------------------ 2/2 (Manisha's and my setup)