1635466 – [Ganesha] Selinux package upgrade is causing error messages/failures related to "ganesha_use_fusefs" boolean and ganesha log file while upgrading from RHEL7.5/RHGS 3.4 to RHEL7.6/RHGS 3.4.1

Bug 1635466 - [Ganesha] Selinux package upgrade is causing error messages/failures related to "ganesha_use_fusefs" boolean and ganesha log file while upgrading from RHEL7.5/RHGS 3.4 to RHEL7.6/RHGS 3.4.1

Summary: [Ganesha] Selinux package upgrade is causing error messages/failures related ...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	nfs-ganesha
Sub Component:
Version:	rhgs-3.4
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Kaleb KEITHLEY
QA Contact:	Manisha Saini
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2018-10-03 02:24 UTC by Manisha Saini
Modified:	2020-05-14 10:47 UTC (History)
CC List:	12 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-05-06 12:33:45 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1511489	0	high	CLOSED	selinux: ganesha.nfsd run in unconfined domain	2021-02-22 00:41:40 UTC

Internal Links: 1511489

Description Manisha Saini 2018-10-03 02:24:14 UTC

Description of problem:

While performing inservice upgrade of ganesha cluster from RHEL7.5/RHGS 3.4 to RHEL7.6/RHGS 3.4.1, error messages related to ganesha_use_fusefs boolean and ganesha log file are seen while packages upgrade is in process.

Whereas ganesha process comes up successfully without any failures while performing in-service upgrade.

------------

    libsepol.context_from_record: type ganesha_var_log_t is not defined (No such file or directory).
    libsepol.context_from_record: could not create context structure (Invalid argument).
    libsemanage.validate_handler: invalid context system_u:object_r:ganesha_var_log_t:s0 specified for /var/log/ganesha [all files] (Invalid argument).
    libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
    /usr/sbin/semodule:  Failed!
      Updating   : selinux-policy-targeted-3.13.1-223.el7.noarch                                                                              195/757
    Re-declaration of typealias ganesha_var_log_t
    Failed to create node
    Bad typealias declaration at /etc/selinux/targeted/tmp/modules/100/glusterd/cil:1
    /usr/sbin/semodule:  Failed!
    ValueError: Boolean ganesha_use_fusefs is not defined
      Updating   : 1:grub2-tools-extra-2.02-0.75.el7.x86_64                                                                                   196/757
     
     
--------------
      Updating   : 32:bind-libs-lite-9.9.4-71.el7.x86_64                                                                                      314/757
      Updating   : glusterfs-ganesha-3.12.2-20.el7rhgs.x86_64                                                                                 315/757
    ValueError: Boolean ganesha_use_fusefs is not defined
    ValueError: Boolean ganesha_use_fusefs is not defined
---------------


Following AVC's was observed while starting ganesha service post upgrade-

# cat /var/log/audit/audit.log | grep AVC | grep ganesha
type=AVC msg=audit(1538532359.058:179): avc:  denied  { search } for  pid=18074 comm="ganesha.nfsd" name="net" dev="proc" ino=2429 scontext=system_u:system_r:nfsd_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=dir permissive=0


Setting of boolean "ganesha_use_fusefs" is failing post upgrade-

# setsebool -P ganesha_use_fusefs on
Failed to change boolean ganesha_use_fusefs: No such file or directory

Version-Release number of selected component (if applicable):

# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 7.6 Beta (Maipo)

# rpm -qa | grep selinux
libselinux-python-2.5-14.1.el7.x86_64
selinux-policy-3.13.1-223.el7.noarch
selinux-policy-targeted-3.13.1-223.el7.noarch
libselinux-utils-2.5-14.1.el7.x86_64
libselinux-2.5-14.1.el7.x86_64

# rpm -qa | grep ganesha
glusterfs-ganesha-3.12.2-20.el7rhgs.x86_64
nfs-ganesha-2.5.5-10.el7rhgs.x86_64
nfs-ganesha-debuginfo-2.5.5-10.el7rhgs.x86_64
nfs-ganesha-gluster-2.5.5-10.el7rhgs.x86_64


How reproducible:
2/2

Steps to Reproduce:
1.Create 5 node ganesha cluster on  RHEL7.5/RHGS 3.4
2.Create a volume
3.Export the volume via ganesha and mount it on client
4.Perform inservice upgrade

Actual results:

Error/warnings wrt boolean and log file is seen when package upgrade is in process

Expected results:

No failures ahould be seen


Additional info:

Note You need to log in before you can comment on or make changes to this bug.