Bug 988855 - semanage fails in %post when installing a plugin
Summary: semanage fails in %post when installing a plugin
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: oVirt
Classification: Retired
Component: ovirt-node
Version: unspecified
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: ---
Assignee: Joey Boggs
QA Contact:
URL:
Whiteboard:
Depends On: 994131
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-07-26 14:53 UTC by Mike Burns
Modified: 2013-11-28 13:49 UTC (History)
8 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2013-11-28 13:49:13 UTC
oVirt Team: ---
Embargoed:

Attachments (Terms of Use)
screenshot (5.19 KB, image/png)
2013-08-06 14:11 UTC, Joey Boggs 		no flags Details
View All

Description Mike Burns 2013-07-26 14:53:39 UTC 
Description of problem:
ovirt-node-plugin-vdsm sets a number of selinux rules (virt_use_nfs, virt_use_sanlock, etc).  When running edit-node, these are not getting set correctly.

Version-Release number of selected component (if applicable):
3.0.0

How reproducible:
always

Steps to Reproduce:
1.take base image and inject ovirt-node-plugin-vdsm
2.boot the image
3.check virt_use_nfs virt_use_sanlock sanlock_use_nfs booleans

Actual results:
all are off

Expected results:
all are on

Additional info:
Comment 1 Joey Boggs 2013-08-06 14:11:57 UTC 
Created attachment 783361 [details]
screenshot
Comment 2 Joey Boggs 2013-08-06 14:45:24 UTC 
These are all on by default since we turn them on in ovirt-node-selinux.

It fails in edit-node since we disable selinux and setsebool won't run.

A workaround is:

Write the boolean into /etc/selinux/targeted/modules/active/booleans.local

virt_use_nfs=1

I checked with selinux folks and that should work fine but filed a bz to add an offline option to make this easier.
Comment 3 Fabian Deutsch 2013-11-28 13:49:13 UTC 
This has been addressed with th selinux specific sub-package.
Note You need to log in before you can comment on or make changes to this bug.