summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorNiels de Vos <ndevos@redhat.com>2017-05-30 10:22:55 +0530
committerShyamsundar Ranganathan <srangana@redhat.com>2017-05-30 12:46:49 +0000
commitf886a26964a13c1bc43a1fd4d2bfdabc74473058 (patch)
treeeec1b889f0c4a68e7aee259a1aafdcb5de3f9dd2
parent24d6009038082b94dc2758b1e0fffaeed333528c (diff)
doc: add details for the SELinux feature to the release-notesv3.11.0
Change-Id: I288196ed195f4d0a36eadd363085602ac4b1f670 Updates: #55 Signed-off-by: Niels de Vos <ndevos@redhat.com> Reviewed-on: https://review.gluster.org/17416 CentOS-regression: Gluster Build System <jenkins@build.gluster.org> NetBSD-regression: NetBSD Build System <jenkins@build.gluster.org> Reviewed-by: Manikandan Selvaganesh <manikandancs333@gmail.com> Smoke: Gluster Build System <jenkins@build.gluster.org>
-rw-r--r--doc/release-notes/3.11.0.md22
1 files changed, 19 insertions, 3 deletions
diff --git a/doc/release-notes/3.11.0.md b/doc/release-notes/3.11.0.md
index 089d3dc..7df7f53 100644
--- a/doc/release-notes/3.11.0.md
+++ b/doc/release-notes/3.11.0.md
@@ -28,11 +28,27 @@ Choose the one the best fits your environment and use it.
### Added SELinux support for Gluster Volumes
**Notes for users:**
-<TBD>
+A new xlator has been introduced (`features/selinux`) to allow setting the
+extended attribute (`security.selinux`) that is needed to support SELinux on
+Gluster volumes. The current ability to enforce the SELinux policy on the
+Gluster Storage servers prevents setting the extended attribute for use on the
+client side. The new translator converts the client-side SELinux extended
+attribute to a Gluster internal representation (the `trusted.glusterfs.selinux`
+extended attribute) to prevent problems.
-**Limitations:** <TBD>
+This feature is intended to be the base for implementing Labelled-NFS in
+NFS-Ganesha and SELinux support for FUSE mounts in the Linux kernel.
-**Known Issues:** <TBD>
+**Limitations:**
+- The Linux kernel does not support mounting of FUSE filesystems with SELinux
+ support, yet.
+- NFS-Ganesha does not support Labelled-NFS, yet.
+
+**Known Issues:**
+- There has been limited testing, because other projects can not consume the
+ functionality yet without being part of a release. So far, no problems have
+ been observed, but this might change when other projects start to seriously
+ use this.
### Several memory leaks are fixed in gfapi during graph switches
**Notes for users:**