Looking at all the various selinux-policy packages in RHEL and Fedora, there are policies for glusterd and nfs-ganesha in selinux-policy for RHEL7.3.z, RHEL7.4, and Fedora 26 and 27. Since they're not in Fedora 25 (and before I saw that they're in F26 and F27) I was tempted lift the policy bits from RHEL7 and add -selinux subpackages to gluster and nfs-ganesha. I'm not sure that's a good idea though at this point. In the mean time it appears that all I need to do is add either semanage boolean -m ganesha_use_fusefs --on or the %selinux_{set,unset}_booleans to %post ganesha and %postun ganesha in the glusterfs.spec. for Fedora 26 and later. Until {RHEL,CentOS} 7.4 ships this can't be added for RHEL as rpm packaging is not able to discriminate between there are no CentOS Z-Stream releases and rpm packages don't distinguish between 7.3 and 7.4
REVIEW: https://review.gluster.org/17597 (common-ha: enable and disable selinux ganesha_use_fusefs) posted (#1) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)
REVIEW: https://review.gluster.org/17597 (common-ha: enable and disable selinux ganesha_use_fusefs) posted (#2) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)
REVIEW: https://review.gluster.org/17597 (common-ha: enable and disable selinux ganesha_use_fusefs) posted (#3) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)
COMMIT: https://review.gluster.org/17597 committed in release-3.10 by Kaleb KEITHLEY (kkeithle) ------ commit 5ad6e1e07f5304deb022ebd54dbbdac6f9c651fb Author: Kaleb S. KEITHLEY <kkeithle> Date: Wed Jun 21 10:01:20 2017 -0400 common-ha: enable and disable selinux ganesha_use_fusefs Starting in Fedora 26 and RHEL 7.4 there are new targeted policies in selinux which include a tuneable to allow ganesha.nfsd to access the gluster (FUSE) shared_storage volume where ganesha maintains its state. N.B. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4 so it can't be enabled for RHEL at this time. /usr/sbin/semanage is in policycoreutils-python in RHEL (versus policycoreutils-python-utils in Fedora.) Once RHEL 7.4 GAs we may also wish to specify the version for RHEL 7 explicitly, i.e. Requires: selinux-policy >= 3.13.1-160. But beware, the corresponding version in Fedora 26 seems to be selinux-policy-3.13.1.258 or so. (Maybe earlier versions, but that's what's currently in the F26 beta. release-3.10 is the upstream master branch for glusterfs-ganesha. For release-3.11 and later storhaug needs a similar change, which is tracked by https://github.com/linux-ha-storage/storhaug/issues/11 Maybe at some point we would want to consider migrating the targeted policies for glusterfs (and nfs-ganesha) from selinux-policy to a glusterfs-selinux (and nfs-ganesha-selinux) subpackage? Change-Id: I04a5443edd00636cbded59a2baddfa98095bf7ac BUG: 1463641 Signed-off-by: Kaleb S. KEITHLEY <kkeithle> Reviewed-on: https://review.gluster.org/17597 Smoke: Gluster Build System <jenkins.org> Reviewed-by: Niels de Vos <ndevos> Reviewed-by: jiffin tony Thottan <jthottan> CentOS-regression: Gluster Build System <jenkins.org>
This bug reported is against a version of Gluster that is no longer maintained (or has been EOL'd). See https://www.gluster.org/release-schedule/ for the versions currently maintained. As a result this bug is being closed. If the bug persists on a maintained version of gluster or against the mainline gluster repository, request that it be reopened and the Version field be marked appropriately.