850956 – SELinux error generated on gluster volume start.

Bug 850956 - SELinux error generated on gluster volume start.

Summary: SELinux error generated on gluster volume start.

Keywords:
Status:	CLOSED DUPLICATE of bug 852266
Alias:	None
Product:	Red Hat Gluster Storage
Classification:	Red Hat Storage
Component:	glusterfs
Sub Component:
Version:	2.0
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Raghavendra Bhat
QA Contact:	Sudhir D
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-08-22 21:19 UTC by Ben Turner
Modified:	2012-12-26 11:08 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-12-26 11:08:44 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Ben Turner 2012-08-22 21:19:49 UTC

Description of problem:

When I create create a new volume and attempt to start it I see some SELinux errors that say glusterd is blocking access to mnt-samba-<my volume>.log.

Version-Release number of selected component (if applicable):

glusterfs-3.3.0rhs-26.el6rhs.x86_64

How reproducible:

Every time I create a distributed volume. I haven't tested with other volume types yet.

Steps to Reproduce:
1. Create new volume
2. Start new volume
3. Run sealert to see error.

Actual results:

[root@rusty ~]# gluster volume create distributed-volume2 `hostname`:/brick1 guido.lab.eng.blr.redhat.com:/brick1
Creation of volume distributed-volume2 has been successful. Please start the volume to access data.
[root@rusty ~]# gluster volume start distributed-volume2
Starting volume distributed-volume2 has been successful
[root@rusty ~]# sealert -a /var/log/audit/audit.log
100% donefound 1 alerts in /var/log/audit/audit.log
--------------------------------------------------------------------------------

SELinux is preventing /usr/sbin/glusterfsd from add_name access on the directory mnt-samba-distributed-volume2.log.

***** Plugin catchall (100. confidence) suggests ***************************

If you believe that glusterfsd should be allowed add_name access on the mnt-samba-distributed-volume2.log directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep glusterfs /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Expected results:

No SELinux errors.

Additional info:

Comment 1 Amar Tumballi 2012-08-23 16:13:40 UTC

will this fall under a feature request to enable SELinux on RHS? as of now, any bug open regarding SELinux would root cause to not having SELinux

Comment 2 Ben Turner 2012-08-27 16:17:05 UTC

Ahh, I understand what is going on.  When I do installs in beaker it runs everything with SELinux enabled.  I didn't realize that SELinux wasn't supported on the Red Hat Storage Appliance.

Comment 3 Amar Tumballi 2012-10-06 15:00:44 UTC

will treat it as FutureFeature, and not as a bug...

Comment 4 Amar Tumballi 2012-11-26 03:46:04 UTC

As its a FutureFeature, marking the priority as medium.

Comment 6 Amar Tumballi 2012-12-26 11:08:44 UTC

Ben I will be closing it as a dup of 852266. As its a umbrella bug for getting SELinux support in RHS.

*** This bug has been marked as a duplicate of bug 852266 ***

Note You need to log in before you can comment on or make changes to this bug.