Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 1333398

Summary: [RH Ceph 2] Do a proper SELinux relabel on rhel 7.3+
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Boris Ranto <branto>
Component: BuildAssignee: Boris Ranto <branto>
Status: CLOSED ERRATA QA Contact: Vasu Kulkarni <vakulkar>
Severity: medium Docs Contact:
Priority: high    
Version: 2.0CC: branto, ceph-qe-bugs, hnallurv, kdreyer, nlevine, uboppana, vakulkar
Target Milestone: rc   
Target Release: 2.1   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ceph-10.2.1-3.el7cp Doc Type: Bug Fix
Doc Text:
.SELinux no longer prevents "ceph-mon" and "ceph-osd" from accessing /var/lock/ and /run/lock/ Due to insufficient SELinux policy rules, SELinux denied the `ceph-mon` and `ceph-osd` daemons to access the files in the `/var/lock/` and `/run/lock/` directories. With this update, SELinux no longer prevents `ceph-mon` and `ceph-osd` from accessing `/var/lock/` and `/run/lock/`.
 Story Points: ---
Clone Of: 1330279 Environment:
Last Closed: 2016-11-22 19:25:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 2 Boris Ranto 2016-05-05 12:21:07 UTC 
This was cloned so that we would back-port

https://github.com/ceph/ceph/pull/8923
Comment 3 Ken Dreyer (Red Hat) 2016-05-06 15:38:58 UTC 
(In reply to Boris Ranto from comment #2)
> This was cloned so that we would back-port
> 
> https://github.com/ceph/ceph/pull/8923

Boris I see that PR was merged to master. Does a cherry-pick need to be merged to jewel as well?
Comment 4 Boris Ranto 2016-05-09 07:17:37 UTC 
Nathan cherry-picked it in

https://github.com/ceph/ceph/pull/8938

These should all be headed for 10.2.1 so if we will be rebasing to 10.2.1, we should be good to go. I cloned this BZ because I was not sure whether we will rebase.
Comment 5 Ken Dreyer (Red Hat) 2016-05-10 02:17:26 UTC 
The plan is to rebase to 10.2.1. We can make sure we pick up this change at that time.
Comment 6 Ken Dreyer (Red Hat) 2016-05-13 16:49:33 UTC 
v10.2.1 was tagged today and it looks like that PR did not make it in. We will take the PR's changes in the downstream RHCS packaging in the meantime.
Comment 10 Harish NV Rao 2016-06-13 11:18:33 UTC 
QA ack already given.
Comment 11 Vasu Kulkarni 2016-07-08 18:12:32 UTC 
Dont have 7.3 yet to test this, will be on hold.
Comment 14 John Poelstra 2016-08-03 21:53:36 UTC 
Moving to modified so it can be attached to future errata advisory
Comment 20 Vasu Kulkarni 2016-11-03 00:23:11 UTC 
Verified with Automated runs.
Comment 22 errata-xmlrpc 2016-11-22 19:25:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2815.html