Bug 205332

Summary: iscsi tools need selinux policy
Product: [Fedora] Fedora
Component: iscsi-initiator-utils
Version: rawhide
Reporter: Jeremy Katz <katzj>
Assignee: Mike Christie <mchristi>
CC: agrover, dwalsh
Status: CLOSED RAWHIDE
Severity: high
Priority: medium
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2006-10-09 20:57:37 UTC
Bug Blocks: 150224
Attachments: Initial policy for iscsi (flags: none)

Description Jeremy Katz 2006-09-06 04:06:56 UTC
We need to have some basic amount of SELinux policy around the iscsi tools so
that the tools get transitioned into domains that can connect to the sockets,
read the config files, etc., when invoked by mkinitrd with root on iscsi.

At this point, probably not going to happen for test3, but we should try to get
it in right after.

Comment 1 Daniel Walsh 2006-09-25 18:50:53 UTC
Created attachment 137080 [details]
Initial policy for iscsi

If you untar this tgz and execute the following commands, you can install the
policy:

tar zxvf /tmp/iscsi.tgz
semodule -i iscsid.pp
restorecon /sbin/iscsid /var/run/iscsid.pid 
setenforce 0
service iscsi restart

BTW, iscsid.pid should be in /var/run, not /etc/iscsi. Please change.
Run your tests. Collect AVCs and send them to me.
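
To go with the "collect AVCs" step in Comment 1, an added example (not part of the bug report or of the attached policy) that groups audit-log denials by source domain, target type, class and permission so the gaps in a new module can be read off directly. The domain name iscsid_t, the function names and the sample log records are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise AVC denials for one SELinux source domain.
# Reads audit-log text on stdin and prints one line per distinct denial:
#   count source_type target_type:class permission
summarize_avc() {
    domain="$1"   # assumed domain name, e.g. iscsid_t
    awk -v dom="$domain" '
    /avc: +denied/ {
        perms = ""; stype = ""; ttype = ""; tclass = ""
        # Requested permissions sit between the braces.
        if (match($0, /[{][^}]*[}]/))
            perms = substr($0, RSTART + 1, RLENGTH - 2)
        for (i = 1; i <= NF; i++) {
            # A context is user:role:type[:level]; the type is the third part.
            if ($i ~ /^scontext=/)      { split($i, c, ":"); stype = c[3] }
            else if ($i ~ /^tcontext=/) { split($i, c, ":"); ttype = c[3] }
            else if ($i ~ /^tclass=/)   { tclass = substr($i, 8) }
        }
        if (stype != dom) next          # ignore denials from other domains
        n = split(perms, p, " ")        # one record may list several perms
        for (j = 1; j <= n; j++)
            seen[stype " " ttype ":" tclass " " p[j]]++
    }
    END { for (k in seen) print seen[k], k }' | LC_ALL=C sort -k2
}

# Constructed sample records (not taken from the bug report).
sample_log() {
    cat <<'EOF'
type=AVC msg=audit(1159207853.101:45): avc:  denied  { name_connect } for  pid=2112 comm="iscsid" dest=3260 scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1159207853.101:45): arch=40000003 syscall=102 success=yes exit=0 comm="iscsid" exe="/sbin/iscsid" subj=system_u:system_r:iscsid_t:s0
type=AVC msg=audit(1159207860.512:52): avc:  denied  { name_connect } for  pid=2112 comm="iscsid" dest=3260 scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1159207861.007:53): avc:  denied  { read write } for  pid=2112 comm="iscsid" name="iscsid.pid" dev=dm-0 ino=98321 scontext=system_u:system_r:iscsid_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1159207870.300:61): avc:  denied  { getattr } for  pid=1840 comm="httpd" name="index.html" dev=dm-0 ino=4411 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
EOF
}

sample_log | summarize_avc iscsid_t
```

On a live system the same function can be fed from /var/log/audit/audit.log instead of the sample records.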

Comment 2 Jeremy Katz 2006-09-27 17:24:49 UTC
This is in now -- I'll try to do some testing with it to see where the holes are
later.