Bug 867354

Summary: Configure the selinux sanlock_use_nfs boolean
Product: Red Hat Enterprise Linux 6 Reporter: Federico Simoncelli <fsimonce>
Component: vdsmAssignee: Federico Simoncelli <fsimonce>
Status: CLOSED ERRATA QA Contact: Dafna Ron <dron>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 6.3CC: abaron, bazulay, cpelland, dpaikov, dron, iheim, ilvovsky, lpeer, thildred, ykaul
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: infra
Fixed In Version: vdsm-4.9.6-39.0 Doc Type: Bug Fix
Doc Text:
Previously, VDSM did not correctly configure SELinux to work correctly with sanlock on NFS shares, which interfered with the workings of the Storage Pool Manager. Now, VDSM automatically sets the boolean required for sanlock to use NFS shares.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-12-04 19:12:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Federico Simoncelli 2012-10-17 11:15:32 UTC 
Description of problem:
VDSM should configure the selinux sanlock_use_nfs boolean.


Version-Release number of selected component (if applicable):
vdsm-4.9.6-38.0.el6_3


How reproducible:
100%

Steps to Reproduce:
1. Connect to a nfs pool
  
Actual results:
The following warning messages appear in /var/log/messages:

denied  { open } for comm="sanlock" name="ids" dev=0:1f scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=file
denied  { open } for comm="sanlock" name="leases" dev=0:1c scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=system_u:object_r:nfs_t:s0 tclass=file


Expected results:
No warnings in the messages.

Additional info:
An upstream patch has been committed here:


Author: Federico Simoncelli <fsimonce>
Date:   Thu Sep 27 08:31:08 2012 -0400

    setup: configure selinux for sanlock on nfs

http://gerrit.ovirt.org/8255
Comment 5 Daniel Paikov 2012-11-27 15:07:09 UTC 
Checked on 4.9.6-44
Comment 7 errata-xmlrpc 2012-12-04 19:12:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-1508.html