Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1458257

Summary: [libgfapi] selinux boolean needs to be turned on for QEMU to dump the glusterfs client statedump
Product: [oVirt] vdsm Reporter: SATHEESARAN <sasundar>
Component: CoreAssignee: Nobody <nobody>
Status: CLOSED DEFERRED QA Contact: SATHEESARAN <sasundar>
Severity: high Docs Contact:
Priority: high    
Version: 4.20.0CC: bugs, danken, fkust, godas, sabose, sasundar
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1489363 (view as bug list) Environment:
Last Closed: 2019-03-21 11:27:10 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Gluster RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1489363    

Description SATHEESARAN 2017-06-02 12:10:06 UTC 
Description of problem:
-----------------------
The selinux avc denial issue will be fixed by introducing new selinux boolean that needs to be turned on.

Version-Release number of selected component (if applicable):
--------------------------------------------------------------
ovirt-4.1.2
vdsm-api-4.19.15-1.el7ev.noarch
vdsm-jsonrpc-4.19.15-1.el7ev.noarch
vdsm-python-4.19.15-1.el7ev.noarch
vdsm-yajsonrpc-4.19.15-1.el7ev.noarch
vdsm-hook-vmfex-dev-4.19.15-1.el7ev.noarch
vdsm-xmlrpc-4.19.15-1.el7ev.noarch
vdsm-4.19.15-1.el7ev.x86_64
vdsm-cli-4.19.15-1.el7ev.noarch

How reproducible:
-----------------
Always

Steps to Reproduce:
-------------------
1. Check for selinux boolean that is enabled for glusterd ( virt_use_glusterd )

Actual results:
---------------
selinux boolean 'virt_use_glusterd' boolean is disabled

Expected results:
-----------------
selinux boolean - 'virt_use_glusterd' boolean should be enabled
Comment 5 Dan Kenigsberg 2017-09-04 19:05:01 UTC 
Patch was reverted from vdsm https://gerrit.ovirt.org/#/c/81409/
since it caused constant failure in ovirt-system-tests.

Please repost it after making sure it passes there http://jenkins.ovirt.org/job/ovirt-system-tests_manual/
Comment 6 Gobinda Das 2017-10-03 11:29:19 UTC 
Currently selinux boolean "virt_use_glusterd" is not available in selinux-policy.
Waiting for "virt_use_glusterd" to available in selinux-policy.
Comment 7 Sandro Bonazzola 2018-02-12 10:02:07 UTC 
This needs to go to 4.2 since we are not releasing any further oVirt 4.1 releases.
Comment 8 Sandro Bonazzola 2019-01-28 09:36:37 UTC 
This bug has not been marked as blocker for oVirt 4.3.0.
Since we are releasing it tomorrow, January 29th, this bug has been re-targeted to 4.3.1.
Comment 9 Gobinda Das 2019-02-27 10:56:42 UTC 
Ovirt-4.3.1 already released, so moving to ovirt-4.3.2
Comment 10 Sahina Bose 2019-03-21 11:27:10 UTC 
Closing this bug as enabling gfapi has a lower priority at the moment