Description of problem: GlusterFS volumes of RDMA transport fails to fuse mount with following AVCs seen from audit logs: type=AVC msg=audit(1475736079.350:10478): avc: denied { ipc_lock } for pid=2686 comm="glusterfs" capability=14 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:glusterd_t:s0 tclass=capability type=AVC msg=audit(1475736154.614:10485): avc: denied { ipc_lock } for pid=2309 comm="glusterd" capability=14 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:glusterd_t:s0 tclass=capability Version-Release number of selected component (if applicable): Red Hat Gluster Storage Server 3.1 Update 3 Red Hat Enterprise Linux Server release 6.8 (Santiago) How reproducible: Always Steps to Reproduce: 1. Set up RDMA stack based on IPoIB. 2. Make sure that SELinux mode is set to 'Enforcing'. 3. Create a simple 1 brick volume with transport type RDMA 4. Start the volume 5. Try fuse mounting the volume Actual results: Mount failed. Please check the log file for more details. Expected results: Mount should be successful. Additional info: mount log snippet ----------------- [2016-10-06 07:20:48.678876] W [MSGID: 103071] [rdma.c:1294:gf_rdma_cm_event_handler] 0-vol-client-0: cma event RDMA_CM_EVENT_REJECTED, error 28 (me:192.168.1.6:1023 peer:192.168.1.6:24008) Note:- Changing SELinux mode to permissive solves the issue.
Verified this bug using: RHGS: glusterfs-3.8.4-3. RHEL: RHEL6.8 Selinux version: 3.7.19-303.el6 Reported issue not seen with above packages versions. "Verification details": Result with selinux build: 3.7.19-292.el6 // Issue reproduced. ========================================= AVC messages: ------------- type=AVC msg=audit(1478855876.567:386280): avc: denied { ipc_lock } for pid=16127 comm="glusterd" capability=14 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:glusterd_t:s0 tclass=capability type=AVC msg=audit(1478855876.567:386280): avc: denied { ipc_lock } for pid=16127 comm="glusterd" capability=14 scontext=unconfined_u:system_r:glusterd_t:s0 tcontext=unconfined_u:system_r:glusterd_t:s0 tclass=capability [root@rhs-cli-10 ~]# Mount failure and messages in mount log: ---------------------------------------- ~]# mount -t glusterfs 192.168.1.6:/Dis /mnt Mount failed. Please check the log file for more details. [2016-11-11 09:17:56.572425] W [MSGID: 103071] [rdma.c:1294:gf_rdma_cm_event_handler] 0-Dis-client-0: cma event RDMA_CM_EVENT_REJECTED, error 28 (me:192.168.1.6:1021 peer:192.168.1.6:24008) [2016-11-11 09:18:00.750010] W [MSGID: 103071] [rdma.c:1294:gf_rdma_cm_event_handler] 0-Dis-client-1: cma event RDMA_CM_EVENT_REJECTED, error 28 (me:192.168.1.6:1020 peer:192.168.1.6:24008) Result with selinux build: 3.7.19-303.el6 // Issue not seen ========================================= [root@rhs-cli-10 ~]# [root@rhs-cli-10 ~]# mount -t glusterfs 192.168.1.6:/Dis /mnt [root@rhs-cli-10 ~]# Mount happened and no unexpected messages in mount log and audit log. Moving to verified state.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHSA-2017-0484.html