Description of problem: ----------------------- After creating gluster bricks using gluster-ansible-roles, selinux labels are missing on the XFS bricks Version-Release number of selected component (if applicable): --------------------------------------------------------------- gluster-ansible-role-1.0.2-2 How reproducible: ------------------- Always Steps to Reproduce: -------------------- 1. Create bricks using gluster-ansible-roles 2. Check for selinux labels on the brick mount Actual results: --------------- Missing selinux label on gluster brick mounts Expected results: ----------------- Proper selinux label should be set on the brick mounts Additional info: ----------------- [root@ ]# ls -lsZ /gluster_bricks/vmstore/ total 0 drwxr-xr-x. vdsm kvm system_u:object_r:unlabeled_t:s0 vmstore [root@ ]# ls -lsZ /gluster_bricks/vmstore/vmstore/ total 0 -rwxr-xr-x. vdsm kvm system_u:object_r:unlabeled_t:s0 __DIRECT_IO_TEST__ drwxr-xr-x. vdsm kvm system_u:object_r:unlabeled_t:s0 e0522414-519c-43b1-92de-47772d934eb4
https://github.com/gluster/gluster-ansible-infra/pull/35 fixes the issue. Now the SeLinux context is set on the directories: [root@dhcp43-169 ~]# ls -lZ /mnt drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 thicklv drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 thinlv1 drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 thinlv2
(In reply to Sachidananda Urs from comment #1) > https://github.com/gluster/gluster-ansible-infra/pull/35 fixes the issue. > > Now the SeLinux context is set on the directories: > > [root@dhcp43-169 ~]# ls -lZ /mnt > drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 thicklv > drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 thinlv1 > drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 thinlv2 Thanks Sac for the fix. I will propose it to be included for RHGS 3.4.1
(In reply to SATHEESARAN from comment #2) > (In reply to Sachidananda Urs from comment #1) > > https://github.com/gluster/gluster-ansible-infra/pull/35 fixes the issue. > > > > Now the SeLinux context is set on the directories: > > > > [root@dhcp43-169 ~]# ls -lZ /mnt > > drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 thicklv > > drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 thinlv1 > > drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 thinlv2 > > Thanks Sac for the fix. I will propose it to be included for RHGS 3.4.1 Commit: https://github.com/gluster/gluster-ansible-infra/pull/35/commits/a732a87c55
Tested with gluster-ansible-roles-1.0.3. Post RHHI deployment, bricks does have the required selinux labels on them # ls -1Z /gluster_bricks/ drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 data drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 engine drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 vmstore
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:3428