Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
This project is now read‑only. Starting Monday, February 2, please use https://ibm-ceph.atlassian.net/ for all bug tracking management.

Bug 1535906

Summary: [NFS:RGW]: Unable to write on NFS mount, if selinux is enabled
Product: [Red Hat Storage] Red Hat Ceph Storage Reporter: Vidushi Mishra <vimishra>
Component: RGWAssignee: Matt Benjamin (redhat) <mbenjamin>
Status: CLOSED DEFERRED QA Contact: Vidushi Mishra <vimishra>
Severity: urgent Docs Contact: Aron Gunn <agunn>
Priority: medium    
Version: 2.5CC: agunn, anharris, cbodley, ceph-eng-bugs, hnallurv, kbader, kkeithle, mbenjamin, mhackett, pasik, sweil, tchandra, tserlin
Target Milestone: z2Keywords: Regression
Target Release: 3.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Known Issue
Doc Text:
.The `nfs-ganesha-rgw` utility cannot write to the NFS mount, if SELinux is enabled Currently, `nfs-ganesha-rgw` utility does not run in an unconfined SELinux domain. When SELinux is enabled, write operations to the NFS mount fails. To work around this issue, use SELinux in permissive mode.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2019-10-30 21:59:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1536401    

Description Vidushi Mishra 2018-01-18 09:03:31 UTC 
Description of problem:

Creating directories and files fails on the NFS mount, if selinux is enabled on NFS-ganesha server. However, it succeeds when selinux is permissive.

Version-Release number of selected component (if applicable):
ceph version 10.2.10-11.el7cp 

How reproducible:
3/3

Steps to Reproduce:

1. Install nfs-ganesha-rgw and edit the ganesha.conf file as per doc https://access.qa.redhat.com/documentation/en-us/red_hat_ceph_storage/2/html-single/object_gateway_guide_for_red_hat_enterprise_linux/#exporting_the_namespace_to_nfs_ganesha
2. Enable selinux. (setenforce 1)
3. Start the Ganesha service "systemctl start nfs-ganesha", it starts successfully.
4. Mount using NFsv4, try creating directories and files. (it fails with cannot create directory ‘dir1’:Read-only file system)

[root@magna085 ubuntu]# mount -o vers=4.1 magna085:/ mnt1
[root@magna085 ubuntu]# cd mnt1
[root@magna085 mnt1]# ls
[root@magna085 mnt1]# mkdir dir1
mkdir: cannot create directory ‘dir1’: Read-only file system
[root@magna085 mnt1]# 



Actual results:
Not able to write on the NFS mount 

Expected results:
Should be able to write on the NFS mount

Additional info:
Seen both with NFSv4 and NFSv3