Bug 1047975 - glusterfs/extras: add a convenience script to label (selinux) gluster bricks
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: scripts
Version: mainline
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Brian Foster
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1235589 1238202
Reported: 2014-01-02 19:22 UTC by Brian Foster
Modified: 2017-10-26 14:36 UTC

Fixed In Version: glusterfs-3.12.0
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1238202 (view as bug list)
Environment:
Last Closed: 2017-09-05 17:24:45 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Description Brian Foster 2014-01-02 19:22:08 UTC
SELinux has defined the new glusterd_brick_t label to support a server side policy of glusterfs. Use of this label should allow enablement of SELinux (e.g., enforcing mode) on glusterfs servers. Bug 1016138 covers the evolution of the server side selinux policy for glusterfs.

To avoid the confusion and overhead of manual labelling each time a brick is created, add a hook script that labels the brick directory automatically on volume creation. The hook script can be included by users/admins/packagers as necessary if selinux support is desired.

Comment 1 Anand Avati 2014-01-02 19:26:45 UTC
REVIEW: http://review.gluster.org/6630 (extras/hook-scripts: add post-create script to label bricks for selinux) posted (#1) for review on master by Brian Foster (bfoster@redhat.com)

Comment 2 Anand Avati 2014-01-02 20:04:19 UTC
REVIEW: http://review.gluster.org/6630 (extras/hook-scripts: add post-create script to label bricks for selinux) posted (#2) for review on master by Brian Foster (bfoster@redhat.com)

Comment 3 Anand Avati 2014-01-03 14:39:58 UTC
REVIEW: http://review.gluster.org/6630 (extras/hook-scripts: selinux brick file context management scripts) posted (#3) for review on master by Brian Foster (bfoster@redhat.com)

Comment 4 Anand Avati 2014-01-03 16:04:16 UTC
REVIEW: http://review.gluster.org/6630 (extras/hook-scripts: selinux brick file context management scripts) posted (#4) for review on master by Brian Foster (bfoster@redhat.com)

Comment 5 Vijay Bellur 2016-01-14 15:53:07 UTC
REVIEW: http://review.gluster.org/6630 (extras/hook-scripts: SELinux brick file context management scripts) posted (#5) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 6 Mike McCune 2016-03-28 22:19:01 UTC
This bug was accidentally moved from POST to MODIFIED via an error in automation. Please see mmccune@redhat.com with any questions.

Comment 7 Worker Ant 2016-12-10 04:45:55 UTC
REVIEW: http://review.gluster.org/6630 (extras/hook-scripts: SELinux brick file context management scripts) posted (#6) for review on master by jiffin tony Thottan (jthottan@redhat.com)

Comment 8 Worker Ant 2017-01-17 07:46:38 UTC
REVIEW: http://review.gluster.org/6630 (extras/hook-scripts: SELinux brick file context management scripts) posted (#7) for review on master by jiffin tony Thottan (jthottan@redhat.com)

Comment 9 Worker Ant 2017-04-25 16:35:08 UTC
REVIEW: https://review.gluster.org/6630 (extras/hook-scripts: SELinux brick file context management scripts) posted (#8) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 10 Worker Ant 2017-04-25 18:42:30 UTC
REVIEW: https://review.gluster.org/6630 (extras/hook-scripts: SELinux brick file context management scripts) posted (#9) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 11 Worker Ant 2017-04-26 11:15:22 UTC
REVIEW: https://review.gluster.org/6630 (extras/hook-scripts: SELinux brick file context management scripts) posted (#10) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 12 Worker Ant 2017-04-29 09:44:25 UTC
REVIEW: https://review.gluster.org/6630 (extras/hook-scripts: SELinux brick file context management scripts) posted (#11) for review on master by Niels de Vos (ndevos@redhat.com)

Comment 13 Worker Ant 2017-05-01 09:30:05 UTC
COMMIT: https://review.gluster.org/6630 committed in master by Kaleb KEITHLEY (kkeithle@redhat.com) 
------
commit 859669759f7fa0f2114add13660ce3bf16c77f30
Author: Brian Foster <bfoster@redhat.com>
Date:   Thu Jan 2 14:03:18 2014 -0500

    extras/hook-scripts: SELinux brick file context management scripts
    
    The SELinux policy for gluster defines the glusterd_brick_t type to
    support server side SELinux (e.g., server side labels). Add
    convenience hook scripts that users/packagers can install to ensure
    that new bricks are labeled correctly.
    
    The volume create hook script adds a new SELinux file context for
    each brick path and runs a restorecon to label the brick. The
    volume delete hook removes the per-brick SELinux file context.
    
    Change-Id: I5f102db5382d813c4d822ff74e873a7a669b41db
    BUG: 1047975
    Signed-off-by: Brian Foster <bfoster@redhat.com>
    Signed-off-by: Niels de Vos <ndevos@redhat.com>
    Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
    Reviewed-on: https://review.gluster.org/6630
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
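
The create and delete hooks described in the commit message above, sketched as an added example (this is not the script from the GlusterFS tree). Taking brick paths as arguments, the function names and the `DRY_RUN` switch are assumptions; the sketch also escapes regex metacharacters in the brick path, because SELinux file-context specs are regular expressions.

```shell
#!/bin/sh
# Added example, not the GlusterFS hook script. Taking brick paths as
# arguments, the function names and DRY_RUN are assumptions of this sketch.

BRICK_TYPE="glusterd_brick_t"   # SELinux type named in the bug report

# Print the file-context spec covering a brick directory and its contents.
# Specs are regular expressions, so metacharacters in the path are escaped
# to keep the rule from matching unrelated paths.
brick_fcontext_spec() {
    case "$1" in
        /*) ;;
        *) echo "brick path must be absolute: $1" >&2; return 1 ;;
    esac
    dir=$1
    while [ "${dir%/}" != "$dir" ]; do dir=${dir%/}; done
    [ -n "$dir" ] || { echo "refusing to label /" >&2; return 1; }
    escaped=$(printf '%s' "$dir" | sed 's/[].[*^$+?(){}|\\]/\\&/g')
    printf '%s(/.*)?\n' "$escaped"
}

# Print the command when DRY_RUN=1 (the default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Volume create: register the context for the brick, then relabel it.
label_brick() {
    spec=$(brick_fcontext_spec "$1") || return 1
    run semanage fcontext --add -t "$BRICK_TYPE" "$spec" &&
        run restorecon -R "$1"
}

# Volume delete: drop the per-brick context added at create time.
unlabel_brick() {
    spec=$(brick_fcontext_spec "$1") || return 1
    run semanage fcontext --delete "$spec"
}

# Usage: DRY_RUN=0 ./brick-label.sh create|delete BRICK_PATH...
action=${1:-}
if [ "$#" -gt 0 ]; then shift; fi
for brick in "$@"; do
    case "$action" in
        create) label_brick "$brick" ;;
        delete) unlabel_brick "$brick" ;;
    esac
done
```

After a real run, `ls -dZ` on the brick directory should show the `glusterd_brick_t` type, and `semanage fcontext -l` should list the per-brick spec until the delete hook removes it.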

Comment 14 Shyamsundar 2017-09-05 17:24:45 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.12.0, please open a new bug report.

glusterfs-3.12.0 has been announced on the Gluster mailing lists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailing list [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-September/000082.html
[2] https://www.gluster.org/pipermail/gluster-users/

