Bug 1318100 - RFE : SELinux translator to support setting SELinux contexts on files in a glusterfs volume
Summary: RFE : SELinux translator to support setting SELinux contexts on files in a gl...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: core
Version: mainline
Hardware: All
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Manikandan Selvaganesan
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1230671 1252627 1447597
TreeView+ depends on / blocked
 
Reported: 2016-03-16 05:20 UTC by Manikandan
Modified: 2017-10-26 14:36 UTC (History)
15 users (show)

Fixed In Version: glusterfs-3.12.0
Doc Type: Enhancement
Doc Text:
Clone Of:
: 1447597 (view as bug list)
Environment:
Last Closed: 2017-05-30 18:32:08 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)

Description Manikandan 2016-03-16 05:20:17 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Niels de Vos 2016-03-16 05:27:02 UTC 
At the moment it is not possible to set the SELinux context on a mounted Gluster Volume. We intend to have this functionality added to the Gluster core, and from there on add support to additional layers (FUSE, Labelled NFS, ...).

More details are listed in a conversation on the Gluster developers list:
  http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/13071
Comment 2 Vijay Bellur 2016-03-17 11:52:41 UTC 
REVIEW: http://review.gluster.org/13762 ([WIP]SELinux : implementation of SELinux translator) posted (#1) for review on master by Manikandan Selvaganesh (mselvaga)
Comment 3 Vijay Bellur 2016-04-04 06:57:46 UTC 
REVIEW: http://review.gluster.org/13762 ([WIP]SELinux : implementation of SELinux translator) posted (#2) for review on master by Manikandan Selvaganesh (mselvaga)
Comment 4 Vijay Bellur 2016-04-15 11:04:46 UTC 
REVIEW: http://review.gluster.org/13762 ([WIP]SELinux : implementation of SELinux translator) posted (#3) for review on master by Manikandan Selvaganesh (mselvaga)
Comment 5 Niels de Vos 2016-05-09 08:36:03 UTC 
Moving out of glusterfs-3.8, we passed the branching and changes were not ready for inclusion.
Comment 6 Vijay Bellur 2016-07-18 09:32:56 UTC 
REVIEW: http://review.gluster.org/13762 ([WIP]SELinux : implementation of SELinux translator) posted (#4) for review on master by Manikandan Selvaganesh (mselvaga)
Comment 9 Worker Ant 2016-11-20 18:09:35 UTC 
REVIEW: http://review.gluster.org/13762 (SELinux : implementation of SELinux translator) posted (#5) for review on master by jiffin tony Thottan (jthottan)
Comment 10 Csaba Henk 2017-02-03 00:55:01 UTC 
(In reply to Niels de Vos from comment #1)
> At the moment it is not possible to set the SELinux context on a mounted
> Gluster Volume. We intend to have this functionality added to the Gluster
> core, and from there on add support to additional layers (FUSE, Labelled
> NFS, ...).
> 
> More details are listed in a conversation on the Gluster developers list:
>   http://thread.gmane.org/gmane.comp.file-systems.gluster.devel/13071

As Gmane is down, this link is defunct, so here is another link to the
same mail:

http://lists.gluster.org/pipermail/gluster-devel/2015-December/047262.html
Comment 11 Worker Ant 2017-02-14 16:57:40 UTC 
REVIEW: https://review.gluster.org/16616 (libglusterfs: add dict_rename_key()) posted (#1) for review on master by Niels de Vos (ndevos)
Comment 12 Worker Ant 2017-02-14 17:34:21 UTC 
REVIEW: https://review.gluster.org/13762 (SELinux : implementation of SELinux translator) posted (#6) for review on master by Niels de Vos (ndevos)
Comment 13 Worker Ant 2017-02-14 17:34:27 UTC 
REVIEW: https://review.gluster.org/16616 (libglusterfs: add dict_rename_key()) posted (#2) for review on master by Niels de Vos (ndevos)
Comment 14 Worker Ant 2017-02-14 17:34:35 UTC 
REVIEW: https://review.gluster.org/16617 (core: add op-version for GlusterFS 3.11) posted (#1) for review on master by Niels de Vos (ndevos)
Comment 15 Worker Ant 2017-02-14 17:57:27 UTC 
REVIEW: https://review.gluster.org/13762 (SELinux : implementation of SELinux translator) posted (#7) for review on master by Niels de Vos (ndevos)
Comment 16 Worker Ant 2017-02-14 17:57:33 UTC 
REVIEW: https://review.gluster.org/16616 (libglusterfs: add dict_rename_key()) posted (#3) for review on master by Niels de Vos (ndevos)
Comment 17 Worker Ant 2017-02-14 17:57:45 UTC 
REVIEW: https://review.gluster.org/16617 (core: add op-version for GlusterFS 3.11) posted (#2) for review on master by Niels de Vos (ndevos)
Comment 18 Worker Ant 2017-03-30 12:22:21 UTC 
REVIEW: https://review.gluster.org/16616 (libglusterfs: add dict_rename_key()) posted (#4) for review on master by Niels de Vos (ndevos)
Comment 19 Worker Ant 2017-03-30 12:44:00 UTC 
REVIEW: https://review.gluster.org/16616 (libglusterfs: add dict_rename_key()) posted (#5) for review on master by Niels de Vos (ndevos)
Comment 20 Worker Ant 2017-03-30 13:09:03 UTC 
REVIEW: https://review.gluster.org/16616 (libglusterfs: add dict_rename_key()) posted (#6) for review on master by Niels de Vos (ndevos)
Comment 21 Worker Ant 2017-03-31 13:07:03 UTC 
COMMIT: https://review.gluster.org/16616 committed in master by Jeff Darcy (jeff.us) 
------
commit 4c3aa910e7913c34db24f864a33dfb6d1e0234a4
Author: Manikandan Selvaganesh <mselvaga>
Date:   Tue Feb 14 17:50:27 2017 +0100

    libglusterfs: add dict_rename_key()
    
    The dict_rename_key() function will be used for converting the
    "security.selinux" xattr to "trusted.gluster.selinux" in the upcoming
    SELinux xlator.
    
    BUG: 1318100
    Change-Id: Ic5d0b9127e2c360d355f02e200a820597e83fa2c
    Signed-off-by: Manikandan Selvaganesh <mselvaga>
    Signed-off-by: Jiffin Tony Thottan <jthottan>
    [ndevos: split from change Id8916bd8e064ccf74ba86225ead95f86dc5a1a25]
    Reviewed-on: https://review.gluster.org/16616
    Reviewed-by: Niels de Vos <ndevos>
    Tested-by: Niels de Vos <ndevos>
    Smoke: Gluster Build System <jenkins.org>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.org>
    Reviewed-by: Jeff Darcy <jeff.us>
Comment 22 Worker Ant 2017-04-24 09:12:46 UTC 
REVIEW: https://review.gluster.org/13762 (SELinux : implementation of SELinux translator) posted (#8) for review on master by jiffin tony Thottan (jthottan)
Comment 23 Worker Ant 2017-04-24 10:49:56 UTC 
REVIEW: https://review.gluster.org/13762 (SELinux : implementation of SELinux translator) posted (#9) for review on master by jiffin tony Thottan (jthottan)
Comment 24 Worker Ant 2017-04-26 09:46:34 UTC 
REVIEW: https://review.gluster.org/13762 (SELinux : implementation of SELinux translator) posted (#10) for review on master by jiffin tony Thottan (jthottan)
Comment 25 Worker Ant 2017-05-03 09:34:14 UTC 
COMMIT: https://review.gluster.org/13762 committed in master by Niels de Vos (ndevos) 
------
commit 6484558c7502e5afe1c96081dbe329ca5d9cb7e2
Author: Manikandan Selvaganesh <mselvaga>
Date:   Wed Mar 16 21:37:22 2016 +0530

    SELinux : implementation of SELinux translator
    
    The patch implement a part of SELinux translator to support setting
    SELinux contexts on files in a glusterfs volume.
    
    URL: https://github.com/gluster/glusterfs-specs/blob/master/accepted/SELinux-client-support.md
    
    Change-Id: Id8916bd8e064ccf74ba86225ead95f86dc5a1a25
    BUG: 1318100
    Fixes : #55
    Signed-off-by: Manikandan Selvaganesh <mselvaga>
    Signed-off-by: Jiffin Tony Thottan <jthottan>
    Signed-off-by: Niels de Vos <ndevos>
    Reviewed-on: https://review.gluster.org/13762
    Smoke: Gluster Build System <jenkins.org>
    NetBSD-regression: NetBSD Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.org>
    Reviewed-by: Manikandan Selvaganesh <manikandancs333>
    Reviewed-by: Atin Mukherjee <amukherj>
Comment 26 Shyamsundar 2017-05-30 18:32:08 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.11.0, please open a new bug report.

glusterfs-3.11.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-May/000073.html
[2] https://www.gluster.org/pipermail/gluster-users/
Comment 27 Shyamsundar 2017-09-05 17:24:45 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.12.0, please open a new bug report.

glusterfs-3.12.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-September/000082.html
[2] https://www.gluster.org/pipermail/gluster-users/
Note You need to log in before you can comment on or make changes to this bug.