Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1544824 - [Ganesha] : Cluster creation fails on selinux enabled/enforced nodes.
[Ganesha] : Cluster creation fails on selinux enabled/enforced nodes.
Status: CLOSED ERRATA
Product: Red Hat Gluster Storage
Classification: Red Hat
Component: nfs-ganesha (Show other bugs)
3.4
x86_64 Linux
unspecified Severity high
: ---
: RHGS 3.4.0
Assigned To: Kaleb KEITHLEY
Manisha Saini
: Regression
Depends On: 1544852
Blocks: 1503137
  Show dependency treegraph
 
Reported: 2018-02-13 10:05 EST by Ambarish
Modified: 2018-09-24 03:18 EDT (History)
10 users (show)

See Also:
Fixed In Version: glusterfs-3.12.2-5
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-09-04 02:42:41 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2018:2607 None None None 2018-09-04 02:43 EDT

  None (edit)
Description Ambarish 2018-02-13 10:05:28 EST 
Description of problem:
-----------------------

gluster nfs-ganesha enable fails to create a Ganesha HA cluster on latest RHEL 7.5 Snapshot 3.

There's an AVC denial when I try to create a cluster :

type=AVC msg=audit(1518517089.008:203): avc:  denied  { search } for  pid=14039 comm="ganesha.nfsd" name="/" dev="fuse" ino=1 scontext=system_u:system_r:ganesha_t:s0 tcontext=system_u:object_r:fusefs_t:s0 tclass=dir



From ganesha.log :

13/02/2018 05:18:09 : epoch d6150000 : gqas004.sbu.lab.eng.bos.redhat.com : ganesha.nfsd-14038[main] main :MAIN :EVENT :ganesha.nfsd Starting: Ganesha Version 2.5.5
13/02/2018 05:18:09 : epoch d6150000 : gqas004.sbu.lab.eng.bos.redhat.com : ganesha.nfsd-14039[main] main :NFS STARTUP :CRIT :Error (token scan) while parsing (/etc/ganesha/ganesha.conf)
13/02/2018 05:18:09 : epoch d6150000 : gqas004.sbu.lab.eng.bos.redhat.com : ganesha.nfsd-14039[main] config_errs_to_log :CONFIG :CRIT :Config File (<unknown file>:0): new file (/etc/ganesha/ganesha.conf) open error (Permission denied), ignored
13/02/2018 05:18:09 : epoch d6150000 : gqas004.sbu.lab.eng.bos.redhat.com : ganesha.nfsd-14039[main] main :NFS STARTUP :FATAL :Fatal errors.  Server exiting...


Version-Release number of selected component (if applicable):
-------------------------------------------------------------

[root@gqas004 ~]# rpm -qa|grep ganesha
glusterfs-ganesha-3.12.2-3.el7rhgs.x86_64
nfs-ganesha-gluster-2.5.5-2.el7rhgs.x86_64

[root@gqas004 ~]# uname -r
3.10.0-845.el7.x86_64

[root@gqas004 ~]# rpm -qa|grep selinux
selinux-policy-targeted-3.13.1-189.el7.noarch
libselinux-2.5-12.el7.x86_64
libselinux-utils-2.5-12.el7.x86_64
libselinux-python-2.5-12.el7.x86_64
selinux-policy-3.13.1-189.el7.noarch




How reproducible:
------------------

2/2 (Manisha's and my setup)
Comment 2 Ambarish 2018-02-13 10:07:59 EST 
On a fresh install (IIRC) ganesha_use_fusefs is supposed to be "on".

For some reason , we do no see this option as "on":

[root@gqas004 ~]# getsebool  ganesha_use_fusefs
ganesha_use_fusefs --> off
Comment 3 Ambarish 2018-02-13 10:08:50 EST 
**Work Around** :


Set the boolean manually :

[root@gqas004 ~]# setsebool -P ganesha_use_fusefs on

[root@gqas004 ~]# getsebool  ganesha_use_fusefs
ganesha_use_fusefs --> on
[root@gqas004 ~]# 

Cluster creation is successful post this.
Comment 9 Manisha Saini 2018-04-03 01:43:08 EDT 
Verified this BZ with-

# rpm -qa | grep ganesha
nfs-ganesha-2.5.5-3.el7rhgs.x86_64
nfs-ganesha-gluster-2.5.5-3.el7rhgs.x86_64
glusterfs-ganesha-3.12.2-6.el7rhgs.x86_64


On fresh installation of ganesha packages in 3.4,ganesha_use_fusefs is ON by default.Ganesha cluster creation is successful.

# semanage boolean -l | grep ganesha
ganesha_use_fusefs             (on   ,   on)  Allow ganesha to use fusefs


Moving this BZ to verified state.
Comment 11 errata-xmlrpc 2018-09-04 02:42:41 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:2607
Comment 12 Manisha Saini 2018-09-24 03:18:11 EDT 
Setting qe_test_coverage + with no testcase ID,since its been covered as part of every Ganesha test case
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.