[Gluster-devel] What's the status of selinux integration?
Bob Arendt
rda at rincon.com
Tue Aug 11 23:17:05 UTC 2015
On 08/08/2015 10:04 AM, Niels de Vos wrote:
> On Fri, Aug 07, 2015 at 05:30:21PM -0700, Bob Arendt wrote:
>> >I'm currently using gluster 3.6.2, and I've been exploring the gluster docs
>> >and source trees. The man pages seem to indicate that there*should*
>> >be selinux support, perhaps augmented by adding a --selinux argument
>> >to glusterd, glusterfsd, and adding a selinux option to the glusterfs mount.
> The feature to support SElinux over FUSE mounts boils down to the mount
> option "selinux":
>
> # mount -t glusterfs -o selinux storage.example.com:/volume /mnt
>
> The /sbin/mount.glusterfs helper sctipt parses the "selinux" option and
> passes the /usr/sbin/glusterfs binary the --selinux argument.
>
> The option is only affecting the client-side. Without the option the
> special SElinux extended attributes are filtered and not sent to the
> bricks (maybe even with an error returned). As long as the bricks
> support SElinux, everything is expected to work.
>
> In case something is not working correctly, please provide the exact
> steps to reproduce with a clear example in a bug report.
>
> https://bugzilla.redhat.com/enter_bug.cgi?Product=GlusterFS
>
> Thanks,
> Niels
>
Thanks Niels,
I've documented my steps in https://bugzilla.redhat.com/show_bug.cgi?id=1252627
The selinux mount option is asserted, and I see that this does result
in the glusterfs process receiving a --selinux switch. But that's not
effective. Is there something server-side that has to be enabled?
Thank you,
-Bob Arendt
More information about the Gluster-devel
mailing list