[Bugs] [Bug 1252627] Cannot set selinux context on files in on a glusterfs mount
bugzilla at redhat.com
bugzilla at redhat.com
Thu Aug 27 00:11:08 UTC 2015
https://bugzilla.redhat.com/show_bug.cgi?id=1252627
--- Comment #1 from Bob Arendt <rda at rincon.com> ---
The man pages for glusterd, glusterfs, and glusterfsd processes indicate that
they take a --selinux flag. I tried applying this by hacking the glusterd code
to add it - without success. I tried:
In /etc/sysconfig/glusterd, add:
GLUSTERD_OPTIONS='--selinux'
Patch the glusterfs-3.7.3 build:
--- SPECS/glusterfs.spec_orig 2015-08-25 00:38:13.610000109 +0000
+++ SPECS/glusterfs.spec 2015-08-26 00:26:26.793000286 +0000
@@ -165,7 +165,7 @@
%if ( 0%{_for_fedora_koji_builds} )
Name: glusterfs
Version: 3.7.3
-Release: 1%{?prereltag:.%{prereltag}}%{?dist}
+Release: 4%{?prereltag:.%{prereltag}}%{?dist}rda
Vendor: Fedora Project
%else
Name: @PACKAGE_NAME@
@@ -187,6 +187,8 @@
Source0: @PACKAGE_NAME at -@PACKAGE_VERSION at .tar.gz
%endif
+Patch0: glusterd-3.7.3-selinux.patch
+
BuildRoot: %(mktemp -ud
%{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
%if ( 0%{?rhel} && 0%{?rhel} <= 5 )
@@ -595,6 +597,7 @@
%prep
%setup -q -n %{name}-%{version}%{?prereltag}
+%patch0 -p1 -b .selinux
%build
# For whatever reason, install-sh is sometimes missing. When this gets fixed,
-----------------------------------------
$ cat SOURCES/glusterd-3.7.3-selinux.patch
--- ./xlators/mgmt/glusterd/src/glusterd-quota.c_orig 2015-08-26
00:21:01.186000302 +0000
+++ ./xlators/mgmt/glusterd/src/glusterd-quota.c 2015-08-26
00:22:04.272000274 +0000
@@ -246,6 +246,7 @@
runinit (&runner);
runner_add_args (&runner, SBIN_DIR"/glusterfs",
+ "--selinux",
"-s", "localhost",
"--volfile-id", volname,
"--use-readdirp=no",
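Review bot: `"--selinux"` is hard-coded into this `runner_add_args` call with no condition and no comment, and the same literal is repeated in the volume-ops, mountbroker, rebalance, replace-brick, snapd-svc, utils and svc-mgmt hunks. That turns the option on for every process glusterd spawns, whatever the host's SELinux state or the volume's settings, and leaves several call sites to keep in sync. Consider adding it in one place behind a single setting, with a comment such as `/* pass --selinux only when label support is enabled for this volume */`. The report further down says chcon still fails with the flag present on every process, so confirm which process actually consumes the option before keeping any of these additions. The enclosing function is only partly visible in the hunk.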
--- ./xlators/mgmt/glusterd/src/glusterd-volume-ops.c_orig 2015-08-26
00:21:01.195000301 +0000
+++ ./xlators/mgmt/glusterd/src/glusterd-volume-ops.c 2015-08-26
00:22:42.866000330 +0000
@@ -2770,7 +2770,7 @@
runinit (&runner);
glusterd_get_trusted_client_filepath (client_volfpath, volinfo,
volinfo->transport_type);
- runner_add_args (&runner, SBIN_DIR"/glusterfs", "-f", NULL);
+ runner_add_args (&runner, SBIN_DIR"/glusterfs", "-f", NULL,
"--selinux");
runner_argprintf (&runner, "%s", client_volfpath);
runner_add_arg (&runner, "-l");
runner_argprintf (&runner, DEFAULT_LOG_FILE_DIRECTORY
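Review bot: The added `"--selinux"` on the new `runner_add_args` line sits after the `NULL` argument, which the original call used to end its argument list, so the flag is most likely never appended for this mount. It also cannot simply follow `"-f"`, because the next call, `runner_argprintf (&runner, "%s", client_volfpath)`, supplies the value for `-f`. Put the flag before `-f` and keep `NULL` last: `runner_add_args (&runner, SBIN_DIR"/glusterfs", "--selinux", "-f", NULL);`. The enclosing function starts and ends outside the hunk.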
--- ./xlators/mgmt/glusterd/src/glusterd-mountbroker.c_orig 2015-08-26
00:21:01.185000302 +0000
+++ ./xlators/mgmt/glusterd/src/glusterd-mountbroker.c 2015-08-26
00:21:54.417000313 +0000
@@ -659,6 +659,7 @@
runinit (&runner);
runner_add_arg (&runner, SBIN_DIR"/glusterfs");
+ runner_add_arg (&runner, "--selinux");
seq_dict_foreach (argdict, _runner_add, &runner);
runner_add_arg (&runner, mtptemp);
ret = runner_run_reuse (&runner);
--- ./xlators/mgmt/glusterd/src/glusterd-rebalance.c_orig 2015-08-26
00:21:01.188000301 +0000
+++ ./xlators/mgmt/glusterd/src/glusterd-rebalance.c 2015-08-26
00:22:14.668000295 +0000
@@ -261,6 +261,7 @@
snprintf (volname, sizeof(volname), "rebalance/%s", volinfo->volname);
runner_add_args (&runner, SBIN_DIR"/glusterfs",
+ "--selinux",
"-s", "localhost", "--volfile-id", volname,
"--xlator-option", "*dht.use-readdirp=yes",
"--xlator-option", "*dht.lookup-unhashed=yes",
--- ./xlators/mgmt/glusterd/src/glusterd-replace-brick.c_orig 2015-08-26
00:21:01.189000301 +0000
+++ ./xlators/mgmt/glusterd/src/glusterd-replace-brick.c 2015-08-26
00:22:18.535000291 +0000
@@ -83,6 +83,7 @@
runinit (&runner);
runner_add_args (&runner, SBIN_DIR"/glusterfs",
+ "--selinux",
"-s", "localhost",
"--volfile-id", volinfo->volname,
"--client-pid", pid,
--- ./xlators/mgmt/glusterd/src/glusterd-snapd-svc.c_orig 2015-08-26
00:21:01.191000299 +0000
+++ ./xlators/mgmt/glusterd/src/glusterd-snapd-svc.c 2015-08-26
00:22:22.317000303 +0000
@@ -287,6 +287,7 @@
snprintf (snapd_id, sizeof (snapd_id), "snapd-%s", volinfo->volname);
runner_add_args (&runner, SBIN_DIR"/glusterfsd",
+ "--selinux",
"-s", svc->proc.volfileserver,
"--volfile-id", svc->proc.volfileid,
"-p", svc->proc.pidfile,
--- ./xlators/mgmt/glusterd/src/glusterd-utils.c_orig 2015-08-26
00:21:01.193000300 +0000
+++ ./xlators/mgmt/glusterd/src/glusterd-utils.c 2015-08-26
00:22:32.278000299 +0000
@@ -1620,6 +1620,7 @@
(void) snprintf (glusterd_uuid, 1024, "*-posix.glusterd-uuid=%s",
uuid_utoa (MY_UUID));
runner_add_args (&runner, SBIN_DIR"/glusterfsd",
+ "--selinux",
"-s", brickinfo->hostname, "--volfile-id", volfile,
"-p", pidfile, "-S", socketpath,
"--brick-name", brickinfo->path,
--- ./xlators/mgmt/glusterd/src/glusterd-svc-mgmt.c_orig 2015-08-26
00:21:01.192000299 +0000
+++ ./xlators/mgmt/glusterd/src/glusterd-svc-mgmt.c 2015-08-26
00:22:28.821000303 +0000
@@ -182,6 +182,7 @@
}
runner_add_args (&runner, SBIN_DIR"/glusterfs",
+ "--selinux",
"-s", svc->proc.volfileserver,
"--volfile-id", svc->proc.volfileid,
"-p", svc->proc.pidfile,
-----------------------------------------
Although this applies --selinux to all processes:
# ps -eo args |grep glust
/usr/sbin/glusterd --pid-file=/var/run/glusterd.pid --selinux
/usr/sbin/glusterfsd --selinux -s ga --volfile-id gvol.ga.b1 -p
/var/lib/glusterd/vols/gvol/run/ga-b1.pid -S
/var/run/gluster/11753d16ee8a048e5f9b2331cbcfd4c7.socket --brick-name /b1 -l
/var/log/glusterfs/bricks/b1.log --xlator-option
*-posix.glusterd-uuid=6f491c3b-53d5-4928-8435-6c3d84f3ce53 --brick-port 49152
--xlator-option gvol-server.listen-port=49152
/usr/sbin/glusterfs --selinux -s localhost --volfile-id gluster/glustershd -p
/var/lib/glusterd/glustershd/run/glustershd.pid -l
/var/log/glusterfs/glustershd.log -S
/var/run/gluster/6502d8ef42d50130bd676cf9ef26c76d.socket --xlator-option
*replicate*.node-uuid=6f491c3b-53d5-4928-8435-6c3d84f3ce53
/usr/sbin/glusterfs --selinux --volfile-server=localhost --volfile-id=/gvol
/data
.. I still see the same error using chcon. So something deeper in the code
seems to be missing.
Anyone have an idea where the disconnect is?