Bug 905192

Summary: 3.1.z selinux access problems
Product: Red Hat Enterprise Linux 6 Reporter: Chris Pelland <cpelland>
Component: vdsmAssignee: Federico Simoncelli <fsimonce>
Status: CLOSED ERRATA QA Contact: Dafna Ron <dron>
Severity: medium Docs Contact:
Priority: urgent    
Version: 6.4CC: abaron, acathrow, bazulay, cpelland, cristi.falcas, dwalsh, dyasny, fsimonce, iheim, ilvovsky, lpeer, mgoldboi, teigland, ykaul, zdover
Target Milestone: rcKeywords: ZStream
Target Release: 6.4   
Hardware: x86_64   
OS: Linux   
Whiteboard: storage
Fixed In Version: vdsm-4.10.2-1.3.el6 Doc Type: Bug Fix
Doc Text:
Previously, SELinux prevented /usr/sbin/sanlock from search access on NFS data storage domains, because of the SELinux context set on the files in those domains. This stopped NFS storage domains being activated, because the SPM role could not be assigned to a host. Now, VDSM correctly sets the SELinux context labels on files in data storage domains, allowing Sanlock to function correctly.
 Story Points: ---
Clone Of: 879899 Environment:
Last Closed: 2013-02-25 19:08:02 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 877715, 879899    
Bug Blocks:    

Comment 1 Federico Simoncelli 2013-01-29 11:51:30 UTC 
I74070ebb: misc: rename safelease to clusterlock [1]
I78072254: domain: select the cluster lock using makeClusterLock [2]
I106618a9: clusterlock: add the local locking implementation [3]

[1] http://gerrit.ovirt.org/#/c/10067/
[2] http://gerrit.ovirt.org/#/c/10281/
[3] http://gerrit.ovirt.org/#/c/10282/
Comment 3 Dafna Ron 2013-02-24 17:32:41 UTC 
verified on si27.2 on all-in-one with vdsm-4.10.2-1.6.el6.x86_64
[root@cougar02 yum.repos.d]# getsebool -a | egrep "(sanlock_use|virt_use_sanlock)"
sanlock_use_fusefs --> on
sanlock_use_nfs --> on
sanlock_use_samba --> on
virt_use_sanlock --> on
[root@cougar02 yum.repos.d]#
Comment 5 errata-xmlrpc 2013-02-25 19:08:02 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0555.html