1535906 – [NFS:RGW]: Unable to write on NFS mount, if selinux is enabled

Bug 1535906 - [NFS:RGW]: Unable to write on NFS mount, if selinux is enabled

Summary: [NFS:RGW]: Unable to write on NFS mount, if selinux is enabled

Keywords:
Status:	CLOSED DEFERRED
Alias:	None
Product:	Red Hat Ceph Storage
Classification:	Red Hat Storage
Component:	RGW
Sub Component:
Version:	2.5
Hardware:	Unspecified
OS:	Unspecified
Priority:	medium
Severity:	urgent
Target Milestone:	z2
Target Release:	3.3
Assignee:	Matt Benjamin (redhat)
QA Contact:	Vidushi Mishra
Docs Contact:	Aron Gunn
URL:
Whiteboard:
Depends On:
Blocks:	1536401
TreeView+	depends on / blocked

Reported:	2018-01-18 09:03 UTC by Vidushi Mishra
Modified:	2019-10-30 21:59 UTC (History)
CC List:	13 users (show)
Fixed In Version:
Doc Type:	Known Issue
Doc Text:	.The `nfs-ganesha-rgw` utility cannot write to the NFS mount, if SELinux is enabled Currently, `nfs-ganesha-rgw` utility does not run in an unconfined SELinux domain. When SELinux is enabled, write operations to the NFS mount fails. To work around this issue, use SELinux in permissive mode.
Clone Of:
Environment:
Last Closed:	2019-10-30 21:59:06 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1511486	0	unspecified	CLOSED	selinux: ganesha.nfsd run in unconfined nfsd_t	2021-02-22 00:41:40 UTC
Red Hat Bugzilla	1511489	0	high	CLOSED	selinux: ganesha.nfsd run in unconfined domain	2021-02-22 00:41:40 UTC

Internal Links: 1511486 1511489

Description Vidushi Mishra 2018-01-18 09:03:31 UTC

Description of problem:

Creating directories and files fails on the NFS mount, if selinux is enabled on NFS-ganesha server. However, it succeeds when selinux is permissive.

Version-Release number of selected component (if applicable):
ceph version 10.2.10-11.el7cp 

How reproducible:
3/3

Steps to Reproduce:

1. Install nfs-ganesha-rgw and edit the ganesha.conf file as per doc https://access.qa.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html-single/object_gateway_guide_for_red_hat_enterprise_linux/#exporting_the_namespace_to_nfs_ganesha
2. Enable selinux. (setenforce 1)
3. Start the Ganesha service "systemctl start nfs-ganesha", it starts successfully.
4. Mount using NFsv4, try creating directories and files. (it fails with cannot create directory ‘dir1’:Read-only file system)

[root@magna085 ubuntu]# mount -o vers=4.1 magna085:/ mnt1
[root@magna085 ubuntu]# cd mnt1
[root@magna085 mnt1]# ls
[root@magna085 mnt1]# mkdir dir1
mkdir: cannot create directory ‘dir1’: Read-only file system
[root@magna085 mnt1]# 



Actual results:
Not able to write on the NFS mount 

Expected results:
Should be able to write on the NFS mount

Additional info:
Seen both with NFSv4 and NFSv3

Note You need to log in before you can comment on or make changes to this bug.