Red Hat Bugzilla – Bug 1287878
glusterfs does not allow passing standard SElinux mount options to fuse
Last modified: 2016-09-20 00:29:01 EDT
+++ This bug was initially created as a clone of Bug #1287763 +++
+++ Use this bug to provide a backport to release-3.6 +++
Description of problem:
With older versions of gluster, say 3.5.3, glusterfs supports setting selinux context over fuse.glusterfs mountpoint. After 3.6.1, it throws an error : "Invalid option: context".
The problem is because of a change in mount.glusterfs script. With older versions, it works fine.
Version-Release number of selected component (if applicable):
Always in versions from 3.6
Steps to Reproduce:
It throws an error "Invalid option: context"
Inform FUSE that the glusterfs sub-filesystem supports SElinux while passing mount options and allow to set selinux context over the mountpoint.
When you set selinux context, the same can be verfied in /proc/mounts:
vm1:sel /qwe1 fuse.glusterfs rw,context=system_u:object_r:user_home_t:s0,relatime,user_id=0,group_id=0,default_ permissions,allow_other,max_read=131072 0 0
--- Additional comment from Vijay Bellur on 2015-12-02 21:56:01 CET ---
REVIEW: http://review.gluster.org/12858 (fuse: pass default SElinux mount options on to the kernel) posted (#1) for review on master by Niels de Vos (firstname.lastname@example.org)
REVIEW: http://review.gluster.org/12871 (fuse: pass default SElinux mount options on to the kernel) posted (#1) for review on release-3.6 by Manikandan Selvaganesh (email@example.com)
COMMIT: http://review.gluster.org/12871 committed in release-3.6 by Raghavendra Bhat (firstname.lastname@example.org)
Author: Niels de Vos <email@example.com>
Date: Wed Dec 2 21:19:56 2015 +0100
fuse: pass default SElinux mount options on to the kernel
In order to set default SElinux contexts on a Gluster mount, the
standard SElinux mount options need to be passed to the kernel. The
mount(8) manual page lists "context", "fscontext", "defcontext" and
"rootcontext" as valid options.
Backport of http://review.gluster.org/#/c/12858/
Cherry-picked from commit 5e81233f0a3c153e03c437a164ac2ca21314bdec
> BUG: 1287763
> Change-Id: I015fe27e4c6ff36a030e3480b23141aca2d91fc2
> Signed-off-by: Niels de Vos <firstname.lastname@example.org>
> Reviewed-on: http://review.gluster.org/12858
> Tested-by: NetBSD Build System <email@example.com>
> Tested-by: Gluster Build System <firstname.lastname@example.org>
> Reviewed-by: Humble Devassy Chirammal <email@example.com>
> Reviewed-by: Manikandan Selvaganesh <firstname.lastname@example.org>
Signed-off-by: Manikandan Selvaganesh <email@example.com>
Reviewed-by: Niels de Vos <firstname.lastname@example.org>
Tested-by: Gluster Build System <email@example.com>
Reviewed-by: Raghavendra Bhat <firstname.lastname@example.org>
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-v3.6.8, please open a new bug report.
glusterfs-v3.6.8 has been announced on the Gluster mailinglists , packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist  and the update infrastructure for your distribution.