[rhelv6-list] RHEL 6.4 update : GlusterFS client access SELinux problems
Red Hat Enterprise Linux 6 (Santiago) discussion mailing-list
rhelv6-list at redhat.com
Fri Feb 22 10:59:58 UTC 2013
Hi,
Like many, I'm updating some servers to 6.4, and it has been mostly
good so far.
One problem I just ran into is some GlusterFS clients no longer being
able to mount the GlusterFS share. On boot I see these denials :
type=1400 audit(1361527863.287:4): avc: denied { execute } for
pid=872 comm="mount.glusterfs" name="glusterfsd" dev=vda2 ino=396095
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:glusterd_exec_t:s0 tclass=file type=1400
audit(1361527863.293:5): avc: denied { execute } for pid=872
comm="mount.glusterfs" name="glusterfsd" dev=vda2 ino=396095
scontext=system_u:system_r:mount_t:s0
tcontext=system_u:object_r:glusterd_exec_t:s0 tclass=file
And when trying to "manually" mount, this error :
# service netfs restart
Mounting other filesystems: /sbin/mount.glusterfs: line
130: /usr/sbin/glusterfs: Permission denied
Mount failed. Please check the log file for more details.
With the same SELinux denials logged.
This is a fully updated RHEL 6.4 system, including the updated SELinux
policy packages, and with a full relabel performed "just in case" :
selinux-policy-3.7.19-195.el6_4.1.noarch
selinux-policy-targeted-3.7.19-195.el6_4.1.noarch
Has anyone else seen this? For now, I'll put in a quick fix to stop
these denials, but it seems like a proper fix might be needed in the
main policy.
Matthias
--
Matthias Saou ██ ██
██ ██
Web: http://matthias.saou.eu/ ██████████████
Mail/XMPP: matthias at saou.eu ████ ██████ ████
██████████████████████
GPG: 4096R/E755CC63 ██ ██████████████ ██
8D91 7E2E F048 9C9C 46AF ██ ██ ██ ██
21A9 7A51 7B82 E755 CC63 ████ ████
More information about the rhelv6-list
mailing list