Red Hat Bugzilla – Bug 205332
iscsi tools need selinux policy
Last modified: 2012-06-26 12:08:35 EDT
We need to have some basic amount of SELinux policy around the iscsi tools so
that the tools get transitioned into domains that can connect to the sockets,
read the config files, etc when invoked by mkinitrd with root on iscsi.
At this point, probably not going to happen for test3, but we should try to get
it in right after
Created attachment 137080 [details]
Initial policy for iscsi
If you untar this tgz and execute the following commands you can install the
tar zxvf /tmp/iscsi.tgz
semodule -i iscsid.pp
restorecon /sbin/iscsid /var/run/iscsid.pid
service iscsi restart
BTW iscsid.pid should be in /var/run not /etc/iscsi Please change.
Run your tests. Collect avcs and send them to me.
This is in now -- I'll try to do some testing with it to see where the holes are