[Bugs] [Bug 1158622] New: SELinux denial when mounting glusterfs nfs volume when using base-port option
bugzilla at redhat.com
Wed Oct 29 18:03:59 UTC 2014
https://bugzilla.redhat.com/show_bug.cgi?id=1158622
Bug ID: 1158622
Summary: SELinux denial when mounting glusterfs nfs volume when using base-port option
Product: GlusterFS
Version: 3.5.2
Component: nfs
Assignee: bugs at gluster.org
Reporter: jbrooks at redhat.com
CC: bugs at gluster.org, gluster-bugs at redhat.com
Description of problem:
I'm using Gluster to provide storage for oVirt, and running oVirt and Gluster
on the same machine. Due to a port conflict between Gluster and libvirt live
migration, I use the base-port option described at
https://bugzilla.redhat.com/show_bug.cgi?id=987555, and switch the base port
from 49152 to 50152.
However, when attempting to mount a Gluster volume via NFS on the same machine
hosting the volume, I get an SELinux denial, and the mount fails with file not
found. If I leave the base-port option commented out, the mount proceeds as
expected.
Putting SELinux into permissive, or setting "setsebool -P nis_enabled 1" allows
mount to proceed.
From the audit.log:
type=AVC msg=audit(1414599671.391:578): avc: denied { name_connect } for
pid=3717 comm="glusterfs" dest=50153 scontext=system_u:system_r:glusterd_t:s0
tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket
Version-Release number of selected component (if applicable):
glusterfs 3.5.2-1.el7 on CentOS 7
--
You are receiving this mail because:
You are on the CC list for the bug.
You are the assignee for the bug.
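
The denial quoted in the report can be triaged mechanically. The following is an added example, not part of the bug report or of GlusterFS: it parses AVC records and picks out denied outbound TCP connects whose destination port sits just above the configured base port. The `window` parameter is a hypothetical choice for how many ports above base-port to consider, and the second log line is constructed for contrast.

```python
import re

# AVC record from the report above, re-joined onto one line (the mail wrapped it).
REPORTED = ('type=AVC msg=audit(1414599671.391:578): avc: denied { name_connect } for '
            'pid=3717 comm="glusterfs" dest=50153 scontext=system_u:system_r:glusterd_t:s0 '
            'tcontext=system_u:object_r:ephemeral_port_t:s0 tclass=tcp_socket')
# Constructed record, unrelated to the base-port change, included for contrast.
CONSTRUCTED = ('type=AVC msg=audit(1414599700.100:601): avc: denied { read } for '
               'pid=4100 comm="httpd" name="index.html" scontext=system_u:system_r:httpd_t:s0 '
               'tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file')

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if it is not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {'perms': m.group('perms').split()}
    for key, val in re.findall(r'(\w+)=("[^"]*"|\S+)', m.group('rest')):
        rec[key] = val.strip('"')
    # SELinux contexts are user:role:type:level; the type is the third field.
    for ctx in ('scontext', 'tcontext'):
        if ctx in rec:
            rec[ctx + '_type'] = rec[ctx].split(':')[2]
    return rec


def base_port_denials(lines, base_port, window=64):
    """Denied TCP connects with a destination in [base_port, base_port + window).

    window is a hypothetical value, not a GlusterFS setting.
    """
    hits = []
    for line in lines:
        rec = parse_avc(line)
        if not rec or rec.get('tclass') != 'tcp_socket' or 'name_connect' not in rec['perms']:
            continue
        port = int(rec.get('dest', -1))
        if base_port <= port < base_port + window:
            hits.append((rec['scontext_type'], rec['tcontext_type'], port, port - base_port))
    return hits


if __name__ == '__main__':
    for hit in base_port_denials([REPORTED, CONSTRUCTED], base_port=50152):
        print('%s -> %s port %d (base-port + %d)' % hit)
```
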