Red Hat Bugzilla – Bug 1471917
[GANESHA] Ganesha setup creation fails due to selinux blocking some services required for setup creation
Last modified: 2017-08-21 09:41:22 EDT
After upgrade of selinux-policy packages, please enable the gluster_use_execmem boolean to make the scenario work.
REVIEW: https://review.gluster.org/17806 (common-ha: enable and disable selinux gluster_use_execmem) posted (#1) for review on release-3.10 by Kaleb KEITHLEY (firstname.lastname@example.org)
REVIEW: https://review.gluster.org/17806 (common-ha: enable and disable selinux gluster_use_execmem) posted (#2) for review on release-3.10 by Kaleb KEITHLEY (email@example.com)
COMMIT: https://review.gluster.org/17806 committed in release-3.10 by Kaleb KEITHLEY (firstname.lastname@example.org)
Author: Kaleb S. KEITHLEY <email@example.com>
Date: Mon Jul 17 11:07:40 2017 -0400
common-ha: enable and disable selinux gluster_use_execmem
Starting in Fedora 26 and RHEL 7.4 there are new targeted policies in
selinux which include a tuneable to allow glusterd->ganesha-ha.sh->pcs
to access the pcs config, i.e. gluster-use-execmem.
Note. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4
or between 3.13.1-X and 3.13.1-Y so it can't be enabled for RHEL at
/usr/sbin/semanage is in policycoreutils-python in RHEL (versus
policycoreutils-python-utils in Fedora.)
Requires selinux-policy >= 3.13.1-160 in RHEL7. The corresponding
version in Fedora 26 seems to be selinux-policy-3.13.1-259 or so. (Maybe
earlier versions, but that's what was in F26 when I checked.)
Signed-off-by: Kaleb S. KEITHLEY <firstname.lastname@example.org>
Smoke: Gluster Build System <email@example.com>
CentOS-regression: Gluster Build System <firstname.lastname@example.org>
Reviewed-by: soumya k <email@example.com>
Reviewed-by: Atin Mukherjee <firstname.lastname@example.org>
This bug is getting closed because a release has been made available that should address the reported issue. In case the problem is still not fixed with glusterfs-3.10.5, please open a new bug report.
glusterfs-3.10.5 has been announced on the Gluster mailinglists , packages for several distributions should become available in the near future. Keep an eye on the Gluster Users mailinglist  and the update infrastructure for your distribution.