Bug 922787 - swift replication in /srv/node produces AVC denials [Docs]
swift replication in /srv/node produces AVC denials [Docs]
Product: Red Hat OpenStack
Classification: Red Hat
Component: doc-Getting_Started_Guide (Show other bugs)
Unspecified Unspecified
urgent Severity urgent
: snapshot5
: 2.1
Assigned To: Stephen Gordon
: Documentation, Triaged
Depends On: 885529 918721
Blocks: 918549
  Show dependency treegraph
Reported: 2013-03-18 10:02 EDT by Lon Hohberger
Modified: 2013-04-11 02:58 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 918721
Last Closed: 2013-04-11 02:58:33 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Comment 2 Lon Hohberger 2013-03-18 10:04:52 EDT
e.g. the box could easily be:

$ sudo chown -R swift:swift /srv/node/
$ sudo restorecon -R /srv
Comment 3 Lon Hohberger 2013-03-18 10:05:46 EDT
Sorry, the above was referring to the docs in chapter 13, section 4 of the Getting Started Guide.

Right below where we chown /srv/node, we should also add:

  restorecon -R /srv

We do now call this from the RPM, but the RPM only handles the upgrade path - it can't fix the wrong contexts for a new installation, particularly when we're setting up several file systems during deployment.  SELinux contexts will be wrong on the newly-created file systems.

An incorrect label will cause SELinux AVC denials when swift tries to access data in /srv

Note You need to log in before you can comment on or make changes to this bug.