Bug 905192 - 3.1.z selinux access problems
3.1.z selinux access problems
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: vdsm (Show other bugs)
x86_64 Linux
urgent Severity medium
: rc
: 6.4
Assigned To: Federico Simoncelli
Dafna Ron
: ZStream
Depends On: 877715 879899
  Show dependency treegraph
Reported: 2013-01-28 14:48 EST by Chris Pelland
Modified: 2013-02-25 14:08 EST (History)
15 users (show)

See Also:
Fixed In Version: vdsm-4.10.2-1.3.el6
Doc Type: Bug Fix
Doc Text:
Previously, SELinux prevented /usr/sbin/sanlock from search access on NFS data storage domains, because of the SELinux context set on the files in those domains. This stopped NFS storage domains being activated, because the SPM role could not be assigned to a host. Now, VDSM correctly sets the SELinux context labels on files in data storage domains, allowing Sanlock to function correctly.
Story Points: ---
Clone Of: 879899
Last Closed: 2013-02-25 14:08:02 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 10067 None None None Never
oVirt gerrit 10281 None None None Never
oVirt gerrit 10282 None None None Never

  None (edit)
Comment 1 Federico Simoncelli 2013-01-29 06:51:30 EST
I74070ebb: misc: rename safelease to clusterlock [1]
I78072254: domain: select the cluster lock using makeClusterLock [2]
I106618a9: clusterlock: add the local locking implementation [3]

[1] http://gerrit.ovirt.org/#/c/10067/
[2] http://gerrit.ovirt.org/#/c/10281/
[3] http://gerrit.ovirt.org/#/c/10282/
Comment 3 Dafna Ron 2013-02-24 12:32:41 EST
verified on si27.2 on all-in-one with vdsm-4.10.2-1.6.el6.x86_64
[root@cougar02 yum.repos.d]# getsebool -a | egrep "(sanlock_use|virt_use_sanlock)"
sanlock_use_fusefs --> on
sanlock_use_nfs --> on
sanlock_use_samba --> on
virt_use_sanlock --> on
[root@cougar02 yum.repos.d]#
Comment 5 errata-xmlrpc 2013-02-25 14:08:02 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.