1458257 – [libgfapi] selinux boolean needs to be turned on for QEMU to dump the glusterfs client statedump

Bug 1458257 - [libgfapi] selinux boolean needs to be turned on for QEMU to dump the glusterfs client statedump

Summary: [libgfapi] selinux boolean needs to be turned on for QEMU to dump the gluster...

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	vdsm
Classification:	oVirt
Component:	Core
Sub Component:
Version:	4.20.0
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Nobody
QA Contact:	SATHEESARAN
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1489363
TreeView+	depends on / blocked

Reported:	2017-06-02 12:10 UTC by SATHEESARAN
Modified:	2022-01-18 12:44 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1489363 (view as bug list)
Environment:
Last Closed:	2019-03-21 11:27:10 UTC
oVirt Team:	Gluster
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHV-44496	None	None	None	2022-01-18 12:44:46 UTC
oVirt gerrit	81088	'None'	MERGED	Enabled selinux boolean virt_use_glusterd for glusterd	2020-10-05 11:02:49 UTC
oVirt gerrit	81388	'None'	ABANDONED	Enabled selinux boolean virt_use_glusterd for glusterd	2020-10-05 11:02:50 UTC

Description SATHEESARAN 2017-06-02 12:10:06 UTC

Description of problem:
-----------------------
The selinux avc denial issue will be fixed by introducing new selinux boolean that needs to be turned on.

Version-Release number of selected component (if applicable):
--------------------------------------------------------------
ovirt-4.1.2
vdsm-api-4.19.15-1.el7ev.noarch
vdsm-jsonrpc-4.19.15-1.el7ev.noarch
vdsm-python-4.19.15-1.el7ev.noarch
vdsm-yajsonrpc-4.19.15-1.el7ev.noarch
vdsm-hook-vmfex-dev-4.19.15-1.el7ev.noarch
vdsm-xmlrpc-4.19.15-1.el7ev.noarch
vdsm-4.19.15-1.el7ev.x86_64
vdsm-cli-4.19.15-1.el7ev.noarch

How reproducible:
-----------------
Always

Steps to Reproduce:
-------------------
1. Check for selinux boolean that is enabled for glusterd ( virt_use_glusterd )

Actual results:
---------------
selinux boolean 'virt_use_glusterd' boolean is disabled

Expected results:
-----------------
selinux boolean - 'virt_use_glusterd' boolean should be enabled

Comment 5 Dan Kenigsberg 2017-09-04 19:05:01 UTC

Patch was reverted from vdsm https://gerrit.ovirt.org/#/c/81409/
since it caused constant failure in ovirt-system-tests.

Please repost it after making sure it passes there http://jenkins.ovirt.org/job/ovirt-system-tests_manual/

Comment 6 Gobinda Das 2017-10-03 11:29:19 UTC

Currently selinux boolean "virt_use_glusterd" is not available in selinux-policy.
Waiting for "virt_use_glusterd" to available in selinux-policy.

Comment 7 Sandro Bonazzola 2018-02-12 10:02:07 UTC

This needs to go to 4.2 since we are not releasing any further oVirt 4.1 releases.

Comment 8 Sandro Bonazzola 2019-01-28 09:36:37 UTC

This bug has not been marked as blocker for oVirt 4.3.0.
Since we are releasing it tomorrow, January 29th, this bug has been re-targeted to 4.3.1.

Comment 9 Gobinda Das 2019-02-27 10:56:42 UTC

Ovirt-4.3.1 already released, so moving to ovirt-4.3.2

Comment 10 Sahina Bose 2019-03-21 11:27:10 UTC

Closing this bug as enabling gfapi has a lower priority at the moment

Note You need to log in before you can comment on or make changes to this bug.