Red Hat Bugzilla – Bug 1276568
Selinux/Appamor should be disabled for generation librbd traces
Last modified: 2016-09-19 21:50:54 EDT
Description of problem:
Selinux/Appamor should be disabled for generation librbd traces for RHEL/Ubuntu respectively.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
For generating librbd traces using rbd-replay, we must disable selinux/appamor in the system
We should specify to disable selinux/appamor as a prerequisite.
Jason, SELinux needs to be disabled on any node that uses librbd, right? In other words, it should be disabled on all qemu hypervisors that use librbd?
(Sorry I don't have rights to view https://access.redhat.com/articles/1605163 so I can't confirm whether this covers all qemu usage or not)
I would hesitate to say SElinux / AppArmor need to be disabled for this to work. The more nuanced answer is that SElinux / AppArmor profiles should be disabled / set to permissive for the QEMU process. Another approach is to build a custom profile that permits the access (e.g. using audit2allow for SElinux).
Sounds better to me.
Sounds good to me as well.
Marking it Verified.
Fixed for 1.3.1 Release.