[Gluster-devel] What's the status of selinux integration?
Bob Arendt
rda at rincon.com
Sat Aug 8 00:30:21 UTC 2015
I'm currently using gluster 3.6.2, and I've been exploring the gluster docs
and source trees. The man pages seem to indicate that there *should*
be selinux support, perhaps augmented by adding a --selinux argument
to glusterd, glusterfsd, and adding a selinux option to the glusterfs mount.
But it looks like the gluster implementation is incomplete (or there's
a configuration option that I'm missing). Despite asserting these
options on every level, I am unable to change the security context
on any file or directory. It remains statically assigned to:
system_u:object_r:fusefs_t:s0
The context on the underlying brick is ignored as well.
Looking at the source for glusterd on github (which normally starts
glusterfsd instances), glusterd does not have a mechanism to place a
"--selinux" argument on the glusterfsd command line. Likewise, I don't
see much in the source that actually refers to selinux.
Looking here:
http://www.gluster.org/community/documentation/index.php/Features/SELinux_Integration
.. I think that "There's really not any coding involved in the gluster side ..."
might not be correct. We really need to be able set per-directory and per-file
selinux contexts in subdirectories on gluster volumes.
Is there a plan or work being done that would support per-directory selinux contexts?
Let me apologize in advance if this work is complete and I've missed
a configuration item to enable it. But scouring the documentation and
source code I could not find it. Any help or information would be appreciated.
Thank you,
-Bob Arendt
More information about the Gluster-devel
mailing list