1533414 – current openstack-selinux does not allow to write to /var/lib/gnocchi if it's NFS, solved upstream ?

Bug 1533414 - current openstack-selinux does not allow to write to /var/lib/gnocchi if it's NFS, solved upstream ?

Summary: current openstack-selinux does not allow to write to /var/lib/gnocchi if it's...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	openstack-selinux
Sub Component:
Version:	11.0 (Ocata)
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	low
Target Milestone:	z4
Target Release:	11.0 (Ocata)
Assignee:	Lon Hohberger
QA Contact:	Udi Shkalim
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-01-11 10:00 UTC by Eduard Barrera
Modified:	2022-08-16 11:28 UTC (History)
CC List:	5 users (show)
Fixed In Version:	openstack-selinux-0.8.11-1.el7ost
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2018-02-13 16:39:35 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	OSP-4821	0	None	None	None	2022-08-16 11:28:53 UTC
Red Hat Product Errata	RHBA-2018:0311	0	normal	SHIPPED_LIVE	Red Hat OpenStack Platform 11 Bug Fix and Enhancement Advisory	2018-02-14 00:05:57 UTC

Description Eduard Barrera 2018-01-11 10:00:30 UTC

Description of problem:

2017-12-08 10:53:26.813 163375 ERROR gnocchi.storage._carbonara   File "/usr/lib/python2.7/site-packages/gnocchi/storage/_carbonara.py", line 468, in process_new_measures
2017-12-08 10:53:26.813 163375 ERROR gnocchi.storage._carbonara     self._compute_and_store_timeseries(metric, measures)
2017-12-08 10:53:26.813 163375 ERROR gnocchi.storage._carbonara   File "/usr/lib/python2.7/site-packages/gnocchi/storage/_carbonara.py", line 499, in _compute_and_store_timeseries
2017-12-08 10:53:26.813 163375 ERROR gnocchi.storage._carbonara     self._create_metric(metric)
2017-12-08 10:53:26.813 163375 ERROR gnocchi.storage._carbonara   File "/usr/lib/python2.7/site-packages/gnocchi/storage/file.py", line 74, in _create_metric
2017-12-08 10:53:26.813 163375 ERROR gnocchi.storage._carbonara     os.mkdir(path, 0o750)
2017-12-08 10:53:26.813 163375 ERROR gnocchi.storage._carbonara OSError: [Errno 13] Permission denied: '/var/lib/gnocchi/57d281f4-111e-4f22-b231-1d6a523ad790'
2017-12-08 10:53:26.813 163375 ERROR gnocchi.storage._carbonara
2017-12-08 10:53:26.896 163388 ERROR gnocchi.storage._carbonara [-] Error processing new measures
2017-12-08 10:53:26.896 163388 ERROR gnocchi.storage._carbonara Traceback (most recent call last):
2017-12-08 10:53:26.896 163388 ERROR gnocchi.storage._carbonara   File "/usr/lib/python2.7/site-packages/gnocchi/storage/_carbonara.py", line 468, in process_new_measures
2017-12-08 10:53:26.896 163388 ERROR gnocchi.storage._carbonara     self._compute_and_store_timeseries(metric, measures)
2017-12-08 10:53:26.896 163388 ERROR gnocchi.storage._carbonara   File "/usr/lib/python2.7/site-packages/gnocchi/storage/_carbonara.py", line 499, in _compute_and_store_timeseries
2017-12-08 10:53:26.896 163388 ERROR gnocchi.storage._carbonara     self._create_metric(metric)
2017-12-08 10:53:26.896 163388 ERROR gnocchi.storage._carbonara   File "/usr/lib/python2.7/site-packages/gnocchi/storage/file.py", line 74, in _create_metric

2017-12-08 10:53:26.896 163388 ERROR gnocchi.storage._carbonara     os.mkdir(path, 0o750)
2017-12-08 10:53:26.896 163388 ERROR gnocchi.storage._carbonara OSError: [Errno 13] Permission denied: '/var/lib/gnocchi/d5284435-a3d9-4758-9f30-36f74955a08c'
2



192.168.11.12:/NOCCHI_1 on /var/lib/gnocchi type nfs4 (rw,relatime,sync,vers=4.1,rsize=65536,wsize=65536,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=10.0.0.0,local_lock=none,addr=10.0.0.0)

It's solved here:

 os-gnocchi: Introduce boolean for NFS usage 

    https://github.com/redhat-openstack/openstack-selinux/commit/ce13ba72c9148791e32d7d54f7ffaf27c88bb76f


Version-Release number of selected component (if applicable):
OSP 11

How reproducible:
always

Steps to Reproduce:
1. mount a nfs volume on /var/lib/gnocchi
2.
3.

Actual results:
ERRORS

Expected results:
able to write

Additional info:

Comment 5 Eduard Barrera 2018-01-26 15:31:32 UTC

Does it require to reboot the server in order to get the rules applied ? is relabel required ?

Comment 9 errata-xmlrpc 2018-02-13 16:39:35 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0311

Note You need to log in before you can comment on or make changes to this bug.