Bug 1447597 - RFE : SELinux translator to support setting SELinux contexts on files in a glusterfs volume
Summary: RFE : SELinux translator to support setting SELinux contexts on files in a gl...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: core
Version: 3.11
Hardware: All
OS: Unspecified
medium
medium
Target Milestone: ---
Assignee: Jiffin
QA Contact:
URL:
Whiteboard:
Depends On: 1318100
Blocks: glusterfs-3.11.0
TreeView+ depends on / blocked
 
Reported: 2017-05-03 09:44 UTC by Niels de Vos
Modified: 2017-05-30 18:51 UTC (History)
2 users (show)

Fixed In Version: glusterfs-3.11.0
Doc Type: Enhancement
Doc Text:
Clone Of: 1318100
Environment:
Last Closed: 2017-05-30 18:51:45 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Github https://github.com/gluster glusterfs issues 55 None None None 2017-05-03 09:44:26 UTC

Description Niels de Vos 2017-05-03 09:44:26 UTC
Backport of the SELinux xlator is needed to get the feature in 3.11.0.

--- Additional comment

COMMIT: https://review.gluster.org/13762 committed in master by Niels de Vos (ndevos@redhat.com) 
------
commit 6484558c7502e5afe1c96081dbe329ca5d9cb7e2
Author: Manikandan Selvaganesh <mselvaga@redhat.com>
Date:   Wed Mar 16 21:37:22 2016 +0530

    SELinux : implementation of SELinux translator
    
    The patch implement a part of SELinux translator to support setting
    SELinux contexts on files in a glusterfs volume.
    
    URL: https://github.com/gluster/glusterfs-specs/blob/master/accepted/SELinux-client-support.md
    
    Change-Id: Id8916bd8e064ccf74ba86225ead95f86dc5a1a25
    BUG: 1318100
    Fixes : #55
    Signed-off-by: Manikandan Selvaganesh <mselvaga@redhat.com>
    Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
    Signed-off-by: Niels de Vos <ndevos@redhat.com>
    Reviewed-on: https://review.gluster.org/13762
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    Reviewed-by: Manikandan Selvaganesh <manikandancs333@gmail.com>
    Reviewed-by: Atin Mukherjee <amukherj@redhat.com>

Comment 1 Niels de Vos 2017-05-03 09:45:17 UTC
Also needs a backport of https://review.gluster.org/6630

Comment 2 Worker Ant 2017-05-03 10:11:17 UTC
REVIEW: https://review.gluster.org/17157 (extras/hook-scripts: SELinux brick file context management scripts) posted (#1) for review on release-3.11 by Niels de Vos (ndevos@redhat.com)

Comment 3 Worker Ant 2017-05-03 10:48:44 UTC
REVIEW: https://review.gluster.org/17159 (SELinux : implementation of SELinux translator) posted (#1) for review on release-3.11 by jiffin tony Thottan (jthottan@redhat.com)

Comment 4 Worker Ant 2017-05-04 12:20:29 UTC
COMMIT: https://review.gluster.org/17159 committed in release-3.11 by Kaushal M (kaushal@redhat.com) 
------
commit 845f67fce0aa17b5e10b80a4007d5d5c549084a0
Author: Manikandan Selvaganesh <mselvaga@redhat.com>
Date:   Wed Mar 16 21:37:22 2016 +0530

    SELinux : implementation of SELinux translator
    
    The patch implement a part of SELinux translator to support setting
    SELinux contexts on files in a glusterfs volume.
    
    URL: https://github.com/gluster/glusterfs-specs/blob/master/accepted/SELinux-client-support.md
    
    Upstream reference :
    >Change-Id: Id8916bd8e064ccf74ba86225ead95f86dc5a1a25
    >BUG: 1318100
    >Fixes : #55
    >Signed-off-by: Manikandan Selvaganesh <mselvaga@redhat.com>
    >Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
    >Signed-off-by: Niels de Vos <ndevos@redhat.com>
    >Reviewed-on: https://review.gluster.org/13762
    >Smoke: Gluster Build System <jenkins@build.gluster.org>
    >NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    >CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    >Reviewed-by: Manikandan Selvaganesh <manikandancs333@gmail.com>
    >Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
    
    Change-Id: Id8916bd8e064ccf74ba86225ead95f86dc5a1a25
    BUG: 1447597
    Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
    Reviewed-on: https://review.gluster.org/17159
    Reviewed-by: Niels de Vos <ndevos@redhat.com>
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>

Comment 5 Worker Ant 2017-05-04 12:25:17 UTC
COMMIT: https://review.gluster.org/17157 committed in release-3.11 by Kaushal M (kaushal@redhat.com) 
------
commit 3fe8119ed80d82d0a4ae5beba6b0712d0dda691b
Author: Niels de Vos <ndevos@redhat.com>
Date:   Wed May 3 12:02:40 2017 +0200

    extras/hook-scripts: SELinux brick file context management scripts
    
    The SELinux policy for gluster defines the glusterd_brick_t type to
    support server side SELinux (e.g., server side labels). Add
    convenience hook scripts that users/packagers can install to ensure
    that new bricks are labeled correctly.
    
    The volume create hook script adds a new SELinux file context for
    each brick path and runs a restorecon to label the brick. The
    volume delete hook removes the per-brick SELinux file context.
    
    Cherry picked from commit 859669759f7fa0f2114add13660ce3bf16c77f30:
    > Change-Id: I5f102db5382d813c4d822ff74e873a7a669b41db
    > BUG: 1047975
    > Signed-off-by: Brian Foster <bfoster@redhat.com>
    > Signed-off-by: Niels de Vos <ndevos@redhat.com>
    > Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
    > Reviewed-on: https://review.gluster.org/6630
    > Smoke: Gluster Build System <jenkins@build.gluster.org>
    > NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    > CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    > Reviewed-by: Kaleb KEITHLEY <kkeithle@redhat.com>
    
    Change-Id: I5f102db5382d813c4d822ff74e873a7a669b41db
    BUG: 1447597
    Signed-off-by: Niels de Vos <ndevos@redhat.com>
    Reviewed-on: https://review.gluster.org/17157
    Smoke: Gluster Build System <jenkins@build.gluster.org>
    NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org>
    CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
    Reviewed-by: jiffin tony Thottan <jthottan@redhat.com>

Comment 6 Shyamsundar 2017-05-30 18:51:45 UTC
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.11.0, please open a new bug report.

glusterfs-3.11.0 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-May/000073.html
[2] https://www.gluster.org/pipermail/gluster-users/


Note You need to log in before you can comment on or make changes to this bug.