Bug 1471917 - [GANESHA] Ganesha setup creation fails due to selinux blocking some services required for setup creation
Summary: [GANESHA] Ganesha setup creation fails due to selinux blocking some services ...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: GlusterFS
Classification: Community
Component: common-ha
Version: 3.10
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Kaleb KEITHLEY
QA Contact:
URL:
Whiteboard:
Depends On: 1469027
Blocks: 1461098 1466144 1466343
TreeView+ depends on / blocked
 
Reported: 2017-07-17 16:22 UTC by Kaleb KEITHLEY
Modified: 2017-08-21 13:41 UTC (History)
23 users (show)

Fixed In Version: glusterfs-3.10.5
Clone Of: 1469027
Environment:
Last Closed: 2017-08-21 13:41:22 UTC
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Embargoed:

Attachments (Terms of Use)

Comment 1 Kaleb KEITHLEY 2017-07-17 16:24:07 UTC 
After upgrade of selinux-policy packages, please enable the gluster_use_execmem boolean to make the scenario work.
Comment 2 Worker Ant 2017-07-17 16:24:25 UTC 
REVIEW: https://review.gluster.org/17806 (common-ha: enable and disable selinux gluster_use_execmem) posted (#1) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)
Comment 3 Worker Ant 2017-07-27 15:40:32 UTC 
REVIEW: https://review.gluster.org/17806 (common-ha: enable and disable selinux gluster_use_execmem) posted (#2) for review on release-3.10 by Kaleb KEITHLEY (kkeithle)
Comment 4 Worker Ant 2017-07-28 12:28:45 UTC 
COMMIT: https://review.gluster.org/17806 committed in release-3.10 by Kaleb KEITHLEY (kkeithle) 
------
commit da9f6e9a4123645a20b664a1c167599b64591f7c
Author: Kaleb S. KEITHLEY <kkeithle>
Date:   Mon Jul 17 11:07:40 2017 -0400

    common-ha: enable and disable selinux gluster_use_execmem
    
    Starting in Fedora 26 and RHEL 7.4 there are new targeted policies in
    selinux which include a tuneable to allow glusterd->ganesha-ha.sh->pcs
    to access the pcs config, i.e. gluster-use-execmem.
    
    Note. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4
    or between 3.13.1-X and 3.13.1-Y so it can't be enabled for RHEL at
    this time.
    
    /usr/sbin/semanage is in policycoreutils-python in RHEL (versus
    policycoreutils-python-utils in Fedora.)
    
    Requires selinux-policy >= 3.13.1-160 in RHEL7. The corresponding
    version in Fedora 26 seems to be selinux-policy-3.13.1-259 or so. (Maybe
    earlier versions, but that's what was in F26 when I checked.)
    
    Change-Id: Ic474b3f7739ff5be1e99d94d00b55caae4ceb5a0
    BUG: 1471917
    Signed-off-by: Kaleb S. KEITHLEY <kkeithle>
    Reviewed-on: https://review.gluster.org/17806
    Smoke: Gluster Build System <jenkins.org>
    CentOS-regression: Gluster Build System <jenkins.org>
    Reviewed-by: soumya k <skoduri>
    Reviewed-by: Atin Mukherjee <amukherj>
Comment 5 Shyamsundar 2017-08-21 13:41:22 UTC 
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.10.5, please open a new bug report.

glusterfs-3.10.5 has been announced on the Gluster mailinglists [1], packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist [2] and the update infrastructure for your distribution.

[1] http://lists.gluster.org/pipermail/announce/2017-August/000079.html
[2] https://www.gluster.org/pipermail/gluster-users/
Note You need to log in before you can comment on or make changes to this bug.