922787 – swift replication in /srv/node produces AVC denials [Docs]

Bug 922787 - swift replication in /srv/node produces AVC denials [Docs]

Summary: swift replication in /srv/node produces AVC denials [Docs]

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat OpenStack
Classification:	Red Hat
Component:	doc-Getting_Started_Guide
Sub Component:
Version:	2.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	urgent
Target Milestone:	snapshot5
Target Release:	2.1
Assignee:	Stephen Gordon
QA Contact:	ecs-bugs
Docs Contact:
URL:
Whiteboard:
Depends On:	885529 918721
Blocks:	918549
TreeView+	depends on / blocked

Reported:	2013-03-18 14:02 UTC by Lon Hohberger
Modified:	2013-04-11 06:58 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:	918721
Environment:
Last Closed:	2013-04-11 06:58:33 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 2 Lon Hohberger 2013-03-18 14:04:52 UTC

e.g. the box could easily be:

$ sudo chown -R swift:swift /srv/node/
$ sudo restorecon -R /srv

Comment 3 Lon Hohberger 2013-03-18 14:05:46 UTC

Sorry, the above was referring to the docs in chapter 13, section 4 of the Getting Started Guide.

Right below where we chown /srv/node, we should also add:

  restorecon -R /srv

We do now call this from the RPM, but the RPM only handles the upgrade path - it can't fix the wrong contexts for a new installation, particularly when we're setting up several file systems during deployment.  SELinux contexts will be wrong on the newly-created file systems.

An incorrect label will cause SELinux AVC denials when swift tries to access data in /srv

Note You need to log in before you can comment on or make changes to this bug.