1466500 – [DOC] Need to recommend setting mount-time context on SELINUX clusters

Bug 1466500 - [DOC] Need to recommend setting mount-time context on SELINUX clusters

Summary: [DOC] Need to recommend setting mount-time context on SELINUX clusters

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	Documentation
Sub Component:
Version:	2.3
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	rc
Target Release:	3.0
Assignee:	Aron Gunn
QA Contact:	ceph-qe-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1496210
TreeView+	depends on / blocked

Reported:	2017-06-29 20:07 UTC by Mike Hackett
Modified:	2017-12-26 03:41 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-12-26 03:41:31 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Mike Hackett 2017-06-29 20:07:47 UTC

Description of problem:
We should strongly encourage any customer running with SELinux enforcing to add a static SELinux context to the OSD mount options in the install guide.

https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html-single/installation_guide_for_red_hat_enterprise_linux/

[osd]
osd_mount_options_xfs=rw,noatime,inode64,context="system_u:object_r:ceph_var_lib_t:s0"

We see in environments with a large number of objects per PG, the directory enumeration speed is negatively impacted by the addition of xattr queries which accompany SELinux context verification.  Setting the context at the mount option removes the xattr lookups for context and helps overall disk performance, especially on slower disks.

Version-Release number of selected component (if applicable):
2.x

Note You need to log in before you can comment on or make changes to this bug.