[Linux-cluster] RHEL4.5, GFS and selinux, are they playing nice?

Ryan O'Hara rohara at redhat.com
Wed Sep 12 20:26:00 UTC 2007


Roger Peña wrote:

>> is this related to the fact that selinux policy
>> stated
>> this:
>> genfscon gfs /  system_u:object_r:nfs_t

Yes. This is what would be used for a filesystem that does not support 
selinux xattrs. In RHEL4.5, SELinux xattr support was added to GFS. 
However...

> should I follow what is stated for reiserfs in this
> url:
> http://james-morris.livejournal.com/3580.html

Yes. GFS needs to be defined as a filesystem that supports selinux xattrs.

> if I should do it, because is the right thing to do,
> why:
> 1- redhat did not do it for the release of 4.5 ?

The reason that the selinux policy was not updated for RHEL4.5 (in 
regards to selinux xattr support for GFS) is described in BZ 215559, 
comment #3:

"Changing this on the installed environment could have unexpected 
results.  For example, currently all files on gfs are unlabeled and 
treated as nfs_t.  If I suddenly make this change, these files would then 
be treated as file_t and any domain that was using them would become unable 
to .  This would require a relabel to fix.  And could cause hundreds of 
AVC messages.  I do not feel this is worth it since almost everyone will 
not use the labels on GFS to treat one file differently than another. In 
the future, where you might have /usr mounted on a gfs or gfs2 
partition, this would become more valuable."

> 2- others aren't getting this kind of problems?

I'm not sure how many people are using GFS with SELinux enabled. :)

-Ryan
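
Added example, not part of the original message and not Red Hat's policy code: a small Python model of how the label of a file on GFS changes when the policy moves from the quoted genfscon line to an xattr-based definition. The policy excerpts are constructed; the fs_use_xattr lines and the httpd_sys_content_t label are assumptions used for illustration.

```python
import re

# Constructed policy excerpts (not a dump of the RHEL4.5 policy). The genfscon
# line is the one quoted in the thread; the fs_use_xattr lines are assumed.
POLICY_BEFORE = """
fs_use_xattr ext3 system_u:object_r:fs_t;
genfscon gfs / system_u:object_r:nfs_t
"""
POLICY_AFTER = """
fs_use_xattr ext3 system_u:object_r:fs_t;
fs_use_xattr gfs system_u:object_r:fs_t;
genfscon gfs / system_u:object_r:nfs_t
"""

FS_USE_XATTR = re.compile(r"^\s*fs_use_xattr\s+(\S+)\s+(\S+?);?\s*$")
# genfscon <fstype> <path> [file type flag such as -- or -d] <context>
GENFS = re.compile(r"^\s*genfscon\s+(\S+)\s+(\S+)\s+(?:-\S\s+)?(\S+?);?\s*$")

def parse_policy(text):
    """Return (set of xattr-labeled fstypes, {fstype: [(path, context)]})."""
    xattr_fs, genfs = set(), {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop policy comments
        if m := FS_USE_XATTR.match(line):
            xattr_fs.add(m.group(1))
        elif m := GENFS.match(line):
            genfs.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    return xattr_fs, genfs

def file_context(policy, fstype, path, xattr=None):
    """Context a file is treated as; fs_use_xattr wins over genfscon."""
    xattr_fs, genfs = parse_policy(policy)
    if fstype in xattr_fs:
        # Per-file label read from the xattr; a file with none is treated
        # as file_t, which is the relabel problem quoted from BZ 215559.
        return xattr or "system_u:object_r:file_t"
    # genfscon: longest matching path prefix; any on-disk xattr is ignored.
    hits = [(p, c) for p, c in genfs.get(fstype, []) if path.startswith(p)]
    return max(hits, key=lambda pc: len(pc[0]))[1] if hits else None

if __name__ == "__main__":
    web = "system_u:object_r:httpd_sys_content_t"  # assumed per-file label
    for name, pol in (("before", POLICY_BEFORE), ("after", POLICY_AFTER)):
        print(name, "labeled file  :", file_context(pol, "gfs", "/www/a", web))
        print(name, "unlabeled file:", file_context(pol, "gfs", "/www/b"))
```
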



