Bug 1276568 - Selinux/Appamor should be disabled for generation librbd traces
Selinux/Appamor should be disabled for generation librbd traces
Product: Red Hat Ceph Storage
Classification: Red Hat
Component: Documentation (Show other bugs)
x86_64 Unspecified
unspecified Severity high
: rc
: 1.3.1
Assigned To: ceph-docs@redhat.com
Depends On:
  Show dependency treegraph
Reported: 2015-10-30 03:34 EDT by Tanay Ganguly
Modified: 2016-09-19 21:50 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2015-12-18 04:59:32 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Tanay Ganguly 2015-10-30 03:34:17 EDT
Description of problem:
Selinux/Appamor should be disabled for generation librbd traces for RHEL/Ubuntu respectively.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

Actual results:
For generating librbd traces using rbd-replay, we must disable selinux/appamor in the system

Expected results:

Additional info:
We should specify to disable selinux/appamor as a prerequisite.

Document Link:
Comment 5 Ken Dreyer (Red Hat) 2015-10-30 11:11:28 EDT
Jason, SELinux needs to be disabled on any node that uses librbd, right? In other words, it should be disabled on all qemu hypervisors that use librbd?

(Sorry I don't have rights to view https://access.redhat.com/articles/1605163 so I can't confirm whether this covers all qemu usage or not)
Comment 6 Jason Dillaman 2015-10-30 11:16:37 EDT
I would hesitate to say SElinux / AppArmor need to be disabled for this to work.  The more nuanced answer is that SElinux / AppArmor profiles should be disabled / set to permissive for the QEMU process.  Another approach is to build a custom profile that permits the access (e.g. using audit2allow for SElinux).
Comment 8 Jason Dillaman 2015-11-02 08:53:45 EST
Sounds better to me.
Comment 9 Tanay Ganguly 2015-11-04 01:01:18 EST
Sounds good to me as well.

Marking it Verified.
Comment 10 Anjana Suparna Sriram 2015-12-18 04:59:32 EST
Fixed for 1.3.1 Release.

Note You need to log in before you can comment on or make changes to this bug.