LVM and selinux difference between RHEL 5.X and RHEL 6.X

Allen, Jack Jack.Allen at mckesson.com
Thu Jul 14 04:27:24 UTC 2011


Hello:
	So nobody has any thoughts or comments as to this is selinux or
udev that is making the changes?

	I would have thought someone else has run across the
problem/requirement and come up with a good solution.

-----
Thanks:
	Jack Allen


-----Original Message-----
From: redhat-list-bounces at redhat.com
[mailto:redhat-list-bounces at redhat.com] On Behalf Of Allen, Jack
Sent: Tuesday, July 12, 2011 8:54 PM
To: General Red Hat Linux discussion list
Subject: LVM and selinux difference between RHEL 5.X and RHEL 6.X

Hello:

        I have an application that uses raw Logical Volumes for database
storage. In RHEL 5.X when you created a LV it would create a symbolic
link in the VG name in /dev that pointed to /dev/mapper.

Example1:

        /dev/vg01/database -> /dev/mapper/vg01-database

        In RHEL 6.X it now creates a symbolic link in the VG directory
pointing to a dm-* name and in /dev/mapper the name points to the same
dm-* name.

Wxample2:

        /dev/vg01/database -> ../dm-9

        This in itself is not really causing any problems, it was just
different. The real problem is the device files need to be owned by the
application owner with read and write permission and the group
permission need to be read only, which the users of the application will
be in.

        When I do chmod 0644 /dev/vg01/database, it follows the symbolic
link and changes /dev/dm-9, and chown appl:appl /dev/vg01/database
changes the owner and group. The problem is the first time the
application owner opens the device file for writing, the mode, owner and
group change back to rw-rw---- and owned by root and group disk.

        I have tried changing selinux to permissive, but it did not do
any good.

        So is there a way to keep the device file names from changing
back automatically?

        I assume I could relabel them in some way, but I suspect when
the systems is rebooted and udev and lvm create the device names again,
they will be with the default labeling, mode, owner and group values.

-----

Thanks:

        Jack Allen

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list




More information about the redhat-list mailing list