Description of problem: Setup OSE with ansible installer, when creating a non privileged container with glusterfs mount, the container can not access the mount dir, even if the directory access mode and ownership is properly set. On the node the selinux boolean virt_sandbox_use_fusefs is off. After it is turned on, things work as expected. Version-Release number of selected component (if applicable): openshift v3.1.0.4-9-g72d3991 kubernetes v1.1.0-origin-1107-g4c8e6f4 etcd 2.1.2 How reproducible: Always Steps to Reproduce: 1. Install OSE using ansible 2. Create a non privileged pod with glusterfs mount 3. In the pod, access the mount dir 4. On the node where the pod is scheduled, run 'getsebool virt_sandbox_use_fusefs' 5. On the node, 'setsebool -P virt_sandbox_use_fusefs 1' 6. Repeat step 3 Actual results: After step 3: Got permission denied problem After step 4: [root@openshift-117 ~]# getsebool virt_sandbox_use_fusefs virt_sandbox_use_fusefs --> off After step 6: Reading/writing the directory were successful. Expected results: The ansible installer should have selinux boolean 'virt_sandbox_use_fusefs' turned on. Additional info: Also see https://bugzilla.redhat.com/show_bug.cgi?id=1231936
https://github.com/openshift/openshift-ansible/pull/903
Installed OSE with ansible installer with above fix, now 'virt_sandbox_use_fusefs' is turned on. I'll mark this bug as verified when this PR is merged.
PR is already merged, this bug is verified as described in comment 2.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2015:2667