Bug 1235589 - nfs-ganesha: posix test issue with vers=3 and 4
Summary: nfs-ganesha: posix test issue with vers=3 and 4
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Gluster Storage
Classification: Red Hat Storage
Component: glusterd
Version: rhgs-3.1
Hardware: x86_64
OS: Linux
unspecified
urgent
Target Milestone: ---
: ---
Assignee: Soumya Koduri
QA Contact: storage-qa-internal@redhat.com
URL:
Whiteboard:
Depends On: 1047975 1238202
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-25 09:30 UTC by Saurabh
Modified: 2016-01-19 06:14 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-08-10 07:45:40 UTC
Embargoed:

Attachments (Terms of Use)
packet trace from client (1.05 MB, application/octet-stream)
2015-06-25 09:30 UTC, Saurabh 		no flags Details
View All

Description Saurabh 2015-06-25 09:30:45 UTC 
Created attachment 1043017 [details]
packet trace from client

Description of problem:
I configured nfs-ganesha and exported volumes. I see issue with posix test for both version of protocol i.e. 3 and 4.
Basically the posix test hangs at chmod test.

Now, I try to create a directory and delete it, the delete is also hung, even a touch for a file is also hung.

Version-Release number of selected component (if applicable):
glusterfs-3.7.1-5.el6rhs.x86_64
nfs-ganesha-gluster-2.2.0-3.el6rhs.x86_64

How reproducible:
always

Steps to Reproduce:
1. create a volume of 6x2, start it
2. configure nfs-ganesha
3. export the volume 
4. mount with vers=3 and execute posix testsuite.

Actual results:

result from version =3,
[root@rhsauto048 mnt]# time prove -r /opt/qa/tools/posix-testsuite/tests/
/opt/qa/tools/posix-testsuite/tests/chflags/00.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/01.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/02.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/03.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/04.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/05.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/06.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/07.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/08.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/09.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/10.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/11.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/12.t ... ok
/opt/qa/tools/posix-testsuite/tests/chflags/13.t ... ok
/opt/qa/tools/posix-testsuite/tests/chmod/00.t ..... 1/58 


[root@rhsauto048 mnt]# touch f2 ---> hung

result from version=4,
[root@rhsauto048 dir1]# rmdir d1
^C
here I was not able to delete the directory.

Expected results:
posix test suite should pass, file system basic operaions should work.

Additional info:
Comment 2 Saurabh 2015-06-25 10:05:37 UTC 
As per discussion with Soumya, I executed the posix test suite from a different VIP and I saw lot of failures,

Monted the volume from 10.70.44.95,
[root@rhsauto048 dir2]# mount | grep vol3
10.70.44.95:/vol3 on /export/mnt type nfs (rw,vers=3,addr=10.70.44.95)

created a dir2 inside the mount-point
[root@rhsauto048 dir2]# pwd
/export/mnt/dir2

and executed the posic testsuite,
Test Summary Report
-------------------
/opt/qa/tools/posix-testsuite/tests/chmod/00.t   (Wstat: 0 Tests: 58 Failed: 13)
  Failed tests:  12-16, 33-36, 45-48
/opt/qa/tools/posix-testsuite/tests/chown/00.t   (Wstat: 0 Tests: 171 Failed: 32)
  Failed tests:  8-13, 77, 84, 88, 104-108, 126-132, 141
                145, 147-150, 153, 163-166
/opt/qa/tools/posix-testsuite/tests/link/00.t    (Wstat: 0 Tests: 82 Failed: 34)
  Failed tests:  28-42, 44-46, 48, 50, 61-67, 72-73, 75-78
                81
/opt/qa/tools/posix-testsuite/tests/link/10.t    (Wstat: 0 Tests: 14 Failed: 2)
  Failed tests:  11-12
/opt/qa/tools/posix-testsuite/tests/mkdir/10.t   (Wstat: 0 Tests: 12 Failed: 3)
  Failed tests:  10-12
/opt/qa/tools/posix-testsuite/tests/mkfifo/00.t  (Wstat: 0 Tests: 36 Failed: 31)
  Failed tests:  2-16, 18-23, 25-27, 29-35
/opt/qa/tools/posix-testsuite/tests/mkfifo/02.t  (Wstat: 0 Tests: 3 Failed: 2)
  Failed tests:  1-2
/opt/qa/tools/posix-testsuite/tests/mkfifo/03.t  (Wstat: 0 Tests: 11 Failed: 2)
  Failed tests:  5-6
/opt/qa/tools/posix-testsuite/tests/mkfifo/05.t  (Wstat: 0 Tests: 12 Failed: 4)
  Failed tests:  4-5, 9-10
/opt/qa/tools/posix-testsuite/tests/mkfifo/06.t  (Wstat: 0 Tests: 12 Failed: 4)
  Failed tests:  4-5, 9-10
/opt/qa/tools/posix-testsuite/tests/mkfifo/09.t  (Wstat: 0 Tests: 12 Failed: 3)
  Failed tests:  10-12
/opt/qa/tools/posix-testsuite/tests/open/17.t    (Wstat: 0 Tests: 3 Failed: 3)
  Failed tests:  1-3
/opt/qa/tools/posix-testsuite/tests/open/22.t    (Wstat: 0 Tests: 12 Failed: 2)
  Failed tests:  7-8
/opt/qa/tools/posix-testsuite/tests/rename/00.t  (Wstat: 0 Tests: 79 Failed: 21)
  Failed tests:  22-24, 26-31, 33-35, 55-58, 69, 71-74
/opt/qa/tools/posix-testsuite/tests/rename/09.t  (Wstat: 0 Tests: 56 Failed: 12)
  Failed tests:  23-25, 27-29, 31-33, 35-37
/opt/qa/tools/posix-testsuite/tests/rename/10.t  (Wstat: 0 Tests: 188 Failed: 29)
  Failed tests:  12, 27, 42, 83-85, 89-90, 95, 98-100, 104-105
                110, 113-115, 119-120, 125, 128-130, 132-133
                144, 159, 174
/opt/qa/tools/posix-testsuite/tests/rename/13.t  (Wstat: 0 Tests: 17 Failed: 11)
  Failed tests:  7-17
/opt/qa/tools/posix-testsuite/tests/rename/14.t  (Wstat: 0 Tests: 17 Failed: 4)
  Failed tests:  7-8, 10-11
/opt/qa/tools/posix-testsuite/tests/rename/20.t  (Wstat: 0 Tests: 16 Failed: 5)
  Failed tests:  9-11, 13, 16
/opt/qa/tools/posix-testsuite/tests/rename/ren.t (Wstat: 0 Tests: 22 Failed: 5)
  Failed tests:  12, 14-17
/opt/qa/tools/posix-testsuite/tests/rmdir/01.t   (Wstat: 0 Tests: 14 Failed: 3)
  Failed tests:  12-14
/opt/qa/tools/posix-testsuite/tests/rmdir/06.t   (Wstat: 0 Tests: 20 Failed: 4)
  Failed tests:  17-20
/opt/qa/tools/posix-testsuite/tests/unlink/00.t  (Wstat: 0 Tests: 55 Failed: 16)
  Failed tests:  10-12, 19-23, 28-31, 39-42
/opt/qa/tools/posix-testsuite/tests/unlink/11.t  (Wstat: 0 Tests: 33 Failed: 9)
  Failed tests:  14-22
Files=185, Tests=1979, 294 wallclock secs ( 1.08 usr  0.36 sys + 10.43 cusr  8.60 csys = 20.47 CPU)
Result: FAIL

real    4m54.718s
user    0m11.609s
sys     0m9.012s
Comment 3 Soumya Koduri 2015-06-26 13:02:07 UTC 
I see following avc errors while running these tests on saurabh's test -


$ausearch -m avc -m user_avc -m selinux_err -i -ts recent 

type=AVC msg=audit(06/26/2015 18:25:19.502:23479) : avc:  denied  { create } for  pid=22787 comm=glusterfsd name=fstest_d7505dc2bddbaa465351ccb3b0a39500 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
----
type=SYSCALL msg=audit(06/26/2015 18:25:17.088:23478) : arch=x86_64 syscall=mknod success=no exit=-13(Permission denied) a0=0x7f8e5d8e9710 a1=fifo,644 a2=0x0 a3=0x3736633634336539 items=0 ppid=1 pid=22787 auid=unset uid=root gid=root euid=root suid=root fsuid=root egid=root sgid=root fsgid=root tty=(none) ses=unset comm=glusterfsd exe=/usr/sbin/glusterfsd subj=system_u:system_r:glusterd_t:s0 key=(null)


In '/var/log/audit/audit.log' -- >
type=AVC msg=audit(1435321173.914:23145): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_0fbc85f7f8f91604f06cb8e78dab837e" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321176.115:23146): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_0fbc85f7f8f91604f06cb8e78dab837e" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321179.272:23147): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_0fbc85f7f8f91604f06cb8e78dab837e" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321182.783:23148): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_1182b491e783ff223822884a488395b2" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321185.829:23149): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_1182b491e783ff223822884a488395b2" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321190.049:23150): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_1182b491e783ff223822884a488395b2" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321194.291:23151): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_1182b491e783ff223822884a488395b2" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321198.489:23152): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_1182b491e783ff223822884a488395b2" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321202.434:23165): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_37d67bbb3708e88df68455c476dbb315" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321203.689:23166): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_37d67bbb3708e88df68455c476dbb315" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321205.837:23167): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_37d67bbb3708e88df68455c476dbb315" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321214.489:23168): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_e45cb02d89900868423e9c719448b4c7" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321218.608:23169): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_ca18ede50bf0e59a9b7839113a152f80" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321218.923:23170): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_402ad2d827c2a56ad286451297460202" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321218.952:23171): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_402ad2d827c2a56ad286451297460202" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321218.980:23172): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_402ad2d827c2a56ad286451297460202" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321219.014:23173): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_402ad2d827c2a56ad286451297460202" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321219.045:23174): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_402ad2d827c2a56ad286451297460202" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321219.089:23175): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_402ad2d827c2a56ad286451297460202" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321219.120:23176): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_402ad2d827c2a56ad286451297460202" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321219.169:23177): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_402ad2d827c2a56ad286451297460202" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321220.218:23178): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_402ad2d827c2a56ad286451297460202" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321220.504:23179): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_123456789_1234" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321220.679:23180): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="x" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321221.228:23181): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_be64d48317006e64c18922ed174c0f7f" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321221.265:23182): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_be64d48317006e64c18922ed174c0f7f" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321221.432:23183): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_9c805ef418bec6dde26a0e8f884b7075" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321221.464:23184): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_9c805ef418bec6dde26a0e8f884b7075" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321221.786:23185): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_a780367d6b41f8ec1a3d6058620fbee2" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321221.794:23186): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_a780367d6b41f8ec1a3d6058620fbee2" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321229.051:23187): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_3364abcaa121676ee463b364ffbb5b24" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321229.550:23188): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_2a5d42492a42ed524e8e5010a5317bd6" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321230.098:23189): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_4605d47a4a735ac5879d11087e95adfd" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321232.453:23190): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_4605d47a4a735ac5879d11087e95adfd" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321236.675:23191): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_4605d47a4a735ac5879d11087e95adfd" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321240.645:23192): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_97e72f44f7ecaf93ad90420eb163ba7d" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321240.688:23193): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_97e72f44f7ecaf93ad90420eb163ba7d" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321240.726:23194): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_97e72f44f7ecaf93ad90420eb163ba7d" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321240.763:23195): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_97e72f44f7ecaf93ad90420eb163ba7d" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321241.257:23196): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_0da7a92f816c69b9854fb720ffc405ac" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321241.452:23197): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_0da7a92f816c69b9854fb720ffc405ac" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321241.703:23198): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_0da7a92f816c69b9854fb720ffc405ac" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321242.204:23199): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_0da7a92f816c69b9854fb720ffc405ac" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321242.221:23200): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_1502a30c7d53f3173a7634b681afe4ec" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321242.371:23201): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_0da7a92f816c69b9854fb720ffc405ac" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321242.388:23202): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_1502a30c7d53f3173a7634b681afe4ec" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321242.540:23203): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_0da7a92f816c69b9854fb720ffc405ac" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321242.556:23204): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_1502a30c7d53f3173a7634b681afe4ec" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321242.704:23205): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_0da7a92f816c69b9854fb720ffc405ac" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321242.716:23206): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_1502a30c7d53f3173a7634b681afe4ec" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321242.889:23207): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_1502a30c7d53f3173a7634b681afe4ec" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321243.073:23208): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_1502a30c7d53f3173a7634b681afe4ec" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321243.252:23209): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_1502a30c7d53f3173a7634b681afe4ec" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321243.992:23210): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_6b346157c844f94c714fd72b70486718" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321244.243:23211): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_8627271155435dad5b6be6a191be8302" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321245.180:23212): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_2b7bdf1f59b64661167e6bb6977a557a" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321248.525:23213): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_5a152b79abfba331f37445ce5ac63366" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321252.078:23214): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_e36cc4bcaac2872c963028a3312cf3c2" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321253.227:23215): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_2f27bd154149d2f65cbccbff235475c8" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321261.831:23222): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_030a2756f8a0f8989a99ffc7afdf3fb6" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321262.940:23223): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_030a2756f8a0f8989a99ffc7afdf3fb6" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321265.031:23224): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_030a2756f8a0f8989a99ffc7afdf3fb6" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321267.156:23225): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_144b9f296e13e5609e4bc0ea094d4f62" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321272.367:23226): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_d4514e87fcd91e300556d4ad63c74136" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321272.387:23227): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_d4514e87fcd91e300556d4ad63c74136" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321272.407:23228): avc:  denied  { create } for  pid=7803 comm="glusterfsd" name="fstest_d4514e87fcd91e300556d4ad63c74136" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
type=AVC msg=audit(1435321272.428:23229): avc:  denied  { create } for  pid=461 comm="glusterfsd" name="fstest_d4514e87fcd91e300556d4ad63c74136" scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
[root@nfs14 ~]#


Most of the tests fail with Permission denied errors due to selinux policy. CC'in se-linux team to look into the same.


[root@nfs14 ~]# rpm -qa | grep selinux-policy
selinux-policy-3.7.19-279.el6.noarch
selinux-policy-targeted-3.7.19-279.el6.noarch
[root@nfs14 ~]# getenforce
Enforcing
[root@nfs14 ~]#
Comment 4 Milos Malik 2015-06-26 14:46:12 UTC 
Where should be these files located?
Comment 5 Soumya Koduri 2015-06-27 15:34:47 UTC 
I am sorry. I haven't got your question. The posix compliance tests are trying to create special files (FIFO) on glusterfs/nfs mounts and those operations
got denied by glusterfsd process with below AVCs reported.

>>>>>
type=AVC msg=audit(06/26/2015 18:25:19.502:23479) : avc:  denied  { create } for  pid=22787 comm=glusterfsd name=fstest_d7505dc2bddbaa465351ccb3b0a39500 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:file_t:s0 tclass=fifo_file
----
<<<<<
Comment 6 Niels de Vos 2015-06-29 13:58:38 UTC 
I wonder if we need these hook scripts to setup the selinux context on the directories that get exported as bricks?

Not reviewed/merged yet: http://review.gluster.org/6630

    extras/hook-scripts: selinux brick file context management scripts
    
    The SELinux policy for gluster defines the glusterd_brick_t type to
    support server side SELinux (e.g., server side labels). Add
    convenience hook scripts that users/packagers can install to ensure
    that new bricks are labeled correctly.
    
    The volume create hook script adds a new SELinux file context for
    each brick path and runs a restorecon to label the brick. The
    volume delete hook removes the per-brick SELinux file context.
    
    Change-Id: I5f102db5382d813c4d822ff74e873a7a669b41db
    BUG: 1047975
    Signed-off-by: Brian Foster <bfoster>
Comment 7 Milos Malik 2015-06-29 15:41:06 UTC 
If gluster bricks are located under /bricks, could you provide the output of following command?

# ls -RZ /bricks
Comment 8 Soumya Koduri 2015-06-29 15:50:22 UTC 
[root@nfs14 ~]# ls -RZ /rhs/brick1/
/rhs/brick1/:
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  d2r21
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  d2r22
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  d4r21
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  d4r22
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  d6r21
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  d6r22

/rhs/brick1/d2r21:
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  dir1

/rhs/brick1/d2r21/dir1:

/rhs/brick1/d2r22:

/rhs/brick1/d4r21:
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  dir1

/rhs/brick1/d4r21/dir1:

/rhs/brick1/d4r22:

/rhs/brick1/d6r21:
drwxr-xr-x. root root unconfined_u:object_r:file_t:s0  dir1

/rhs/brick1/d6r21/dir1:

/rhs/brick1/d6r22:
[root@nfs14 ~]#
Comment 9 Milos Malik 2015-06-29 16:05:59 UTC 
The /rhs/brick1 subtree is not labeled correctly. There are 2 ways how to correct that:

# chcon -R -t glusterd_brick_t /rhs/brick1

or

# semanage fcontext -a -t glusterd_brick_t '/rhs/brick1(/.*)?'
# restorecon -Rv /rhs/brick1

The first option is very quick, but does not survive restorecon or autorelabel. The second option is a bit slower, but survives both restorecon and autorelabel.
Comment 10 Niels de Vos 2015-06-29 20:36:35 UTC 
Thanks Milos!

This explains that the problem is not only for nfs-ganesha, but a glusterfs-server one. We need the scripts from Brian Foster (comment #6) that set the context/labels correctly when the Gluster volume is created/extended.
Comment 12 Saurabh 2015-07-27 13:59:16 UTC 
set the context as mentioned earlier and executed the posix testsuite.
Note You need to log in before you can comment on or make changes to this bug.