Bug 1284179 - Missing SELinux Type Enforcement rules for glusterfs-rdma server
Summary: Missing SELinux Type Enforcement rules for glusterfs-rdma server
Keywords:
Status: CLOSED EOL
Alias: None
Product: GlusterFS
Classification: Community
Component: glusterd
Version: 3.7.6
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Mohammed Rafi KC
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2015-11-21 14:12 UTC by mobaer
Modified: 2017-03-08 11:03 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-03-08 11:03:38 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:



Description mobaer 2015-11-21 14:12:43 UTC
Description of problem:

When using glusterfs-server with glusterfs-rdma on a SELinux enabled system, a volume using transport-type (tcp,)rdma cannot be mounted by clients or replicated between servers as long as glusterd is started through systemd/systemctl. However, manually starting glusterd as root and restarting glusterfsd seems to work.

Version-Release number of selected component (if applicable):
3.7.6

How reproducible:
Always

Steps to Reproduce:
1. On two systems with SELinux in Enforcing mode and Infiniband already set up, install glusterfs-server and glusterfs-rdma
2. Create a replicated volume with bricks on both servers
3. Start the volume with the force option
4. Restart gluster(fs)d using (on both servers):
4a. systemctl restart glusterfsd
4b. systemctl restart glusterd

Actual results:

Volumes may be shown in gluster volume status, but are not accessible/mountable by clients.

Expected results:
Volumes are replicated/accessible and mountable by clients.
Furthermore, steps 4a and 4b are still needed when using the workaround, but should not be according to the documentation.

Additional info:
Using audit2allow from policycoreutils-python, I generated the following SELinux TE module for glusterfs and rdma transport-type on the server side:
#=========start=========
module gluster 1.0;

require {
	type unconfined_t;
	type glusterd_t;
	type infiniband_device_t;
	class process signal;
	class unix_stream_socket connectto;
	class capability ipc_lock;
	class chr_file { read write open };
}

#============= glusterd_t ==============

#!!!! This avc is allowed in the current policy
allow glusterd_t infiniband_device_t:chr_file { read write open };
allow glusterd_t self:capability ipc_lock;
allow glusterd_t unconfined_t:process signal;
allow glusterd_t unconfined_t:unix_stream_socket connectto;
#==========end==========

Using the pp files of the module and importing them on both servers (using semodule -i) made the volumes available/mountable after following steps 1 to 4b.
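An added example, not part of the reporter's comment or of the GlusterFS project: a small POSIX shell script that summarises the AVC denials behind an audit2allow-generated module before it is loaded, flags the rules whose target is an unconfined domain, and then builds and installs the .te with the standard checkpolicy/policycoreutils tools (checkmodule, semodule_package, semodule). The four AVC lines are constructed to match the four allow rules in the gluster.te above; they are not log lines taken from this report. The rules targeting unconfined_t deserve a second look because a confined daemon normally has no reason to signal or connect to unconfined processes; denials like that are typically recorded while a peer process was started by hand from a root shell (as in the workaround described above) rather than by systemd, so loading them grants more than the systemd case needs.

```shell
#!/bin/sh
# Added example (not from the bug report). Review AVC denials before loading an
# audit2allow module, then build and install the module from its .te source.
# On a real host the input would come from:  ausearch -m avc -c glusterd

# Constructed sample denials, shaped to match the reporter's gluster.te rules.
AVC_SAMPLE='type=AVC msg=audit(1448115163.101:201): avc:  denied  { read write open } for  pid=2101 comm="glusterd" path="/dev/infiniband/uverbs0" dev="devtmpfs" ino=1112 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:infiniband_device_t:s0 tclass=chr_file permissive=0
type=AVC msg=audit(1448115163.102:202): avc:  denied  { ipc_lock } for  pid=2101 comm="glusterd" capability=14  scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:system_r:glusterd_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1448115163.103:203): avc:  denied  { signal } for  pid=2101 comm="glusterd" scontext=system_u:system_r:glusterd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
type=AVC msg=audit(1448115163.104:204): avc:  denied  { connectto } for  pid=2101 comm="glusterd" scontext=system_u:system_r:glusterd_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=unix_stream_socket permissive=0'

# avc_summary: read AVC records on stdin, print one line per denial as
#   <source type> <target type> <class> { <permissions> }
# i.e. the same shape as the allow rule audit2allow would emit for it.
avc_summary() {
    awk '
    /avc:  denied/ {
        perms = $0; sub(/.*denied  [{] /, "", perms); sub(/ [}].*/, "", perms)
        src = $0;   sub(/.*scontext=/, "", src);   sub(/ .*/, "", src);  split(src, sa, ":")
        tgt = $0;   sub(/.*tcontext=/, "", tgt);   sub(/ .*/, "", tgt);  split(tgt, ta, ":")
        cls = $0;   sub(/.*tclass=/, "", cls);     sub(/ .*/, "", cls)
        printf "%s %s %s { %s }\n", sa[3], ta[3], cls, perms
    }'
}

# unconfined_targets: keep only summary lines whose target type is unconfined_t.
# Such rules usually come from a peer process that was running unconfined
# (started from a root shell), not from the systemd-managed service.
unconfined_targets() {
    awk '$2 == "unconfined_t"'
}

# build_module <file.te>: compile and load a module, e.g. build_module gluster.te
# Requires root and the checkpolicy + policycoreutils packages.
build_module() {
    te="$1"; base="${te%.te}"
    for tool in checkmodule semodule_package semodule; do
        command -v "$tool" >/dev/null 2>&1 || {
            echo "missing $tool (install checkpolicy/policycoreutils)" >&2; return 2; }
    done
    checkmodule -M -m -o "$base.mod" "$te" &&
    semodule_package -o "$base.pp" -m "$base.mod" &&
    semodule -i "$base.pp" &&
    semodule -l | grep -q "^${base##*/}"      # confirm the module is now loaded
}

# Stand-alone run: show what each rule would allow, then the broad ones.
echo "rules implied by the denials:"
printf '%s\n' "$AVC_SAMPLE" | avc_summary
echo "rules with an unconfined target (review before loading):"
printf '%s\n' "$AVC_SAMPLE" | avc_summary | unconfined_targets
```

Run the script as-is to see the summary; to install a module, source it and call `build_module gluster.te` as root. Checking `ls -Z /dev/infiniband` first confirms that the device nodes really carry infiniband_device_t, so the chr_file rule is the one that matters for the RDMA transport.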

Comment 1 Kaushal 2017-03-08 11:03:38 UTC
This bug is getting closed because GlusterFS-3.7 has reached its end-of-life.

Note: This bug is being closed using a script. No verification has been performed to check if it still exists on newer releases of GlusterFS.
If this bug still exists in newer GlusterFS releases, please reopen this bug against the newer release.

