Hide Forgot
Here is a workaround until an official fix becomes available: # cat glusterfs-rdma.te policy_module(glusterfs-rdma, 1.0) require { type glusterd_t; type infiniband_device_t; class capability { ipc_lock }; class chr_file { getattr open read write }; } allow glusterd_t glusterd_t : capability { ipc_lock }; allow glusterd_t infiniband_device_t : chr_file { getattr open read write }; # make -f /usr/share/selinux/devel/Makefile Compiling targeted glusterfs-rdma module /usr/bin/checkmodule: loading policy configuration from tmp/glusterfs-rdma.tmp /usr/bin/checkmodule: policy configuration loaded /usr/bin/checkmodule: writing binary representation (version 17) to tmp/glusterfs-rdma.mod Creating targeted glusterfs-rdma.pp policy package rm tmp/glusterfs-rdma.mod.fc tmp/glusterfs-rdma.mod # semodule -i glusterfs-rdma.pp # The Makefile comes from selinux-policy-devel package.
Hi Miroslav, With the local policy provided in Comment #1, I could create, start and fuse mount RDMA transport type GlusterFS volumes and AVCs from bug description are no longer seen.
(In reply to Anoop C S from comment #5) > Hi Miroslav, > > With the local policy provided in Comment #1, I could create, start and fuse > mount RDMA transport type GlusterFS volumes and AVCs from bug description > are no longer seen. Great. Thank you for testing.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:1861