author | Kaleb S. KEITHLEY <kkeithle@redhat.com> | 2017-07-17 11:07:40 -0400 |
---|---|---|
committer | Kaleb KEITHLEY <kkeithle@redhat.com> | 2017-07-28 12:28:41 +0000 |
commit | da9f6e9a4123645a20b664a1c167599b64591f7c (patch) | |
tree | c338f50add738fa839a3d17e29a349c751191187 /extras | |
parent | 4eebb51afeef48add13a5155a6a858b780327fce (diff) |
common-ha: enable and disable selinux gluster_use_execmem
Starting in Fedora 26 and RHEL 7.4 there are new targeted policies in
selinux which include a tuneable to allow glusterd->ganesha-ha.sh->pcs
to access the pcs config, i.e. gluster-use-execmem.
Note. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4
or between 3.13.1-X and 3.13.1-Y so it can't be enabled for RHEL at
this time.
/usr/sbin/semanage is in policycoreutils-python in RHEL (versus
policycoreutils-python-utils in Fedora.)
Requires selinux-policy >= 3.13.1-160 in RHEL7. The corresponding
version in Fedora 26 seems to be selinux-policy-3.13.1-259 or so. (Maybe
earlier versions, but that's what was in F26 when I checked.)
Change-Id: Ic474b3f7739ff5be1e99d94d00b55caae4ceb5a0
BUG: 1471917
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: https://review.gluster.org/17806
Smoke: Gluster Build System <jenkins@build.gluster.org>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: soumya k <skoduri@redhat.com>
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
Diffstat (limited to 'extras')
-rw-r--r-- | extras/ganesha/scripts/ganesha-ha.sh | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/extras/ganesha/scripts/ganesha-ha.sh b/extras/ganesha/scripts/ganesha-ha.sh index 52091b5fd69..5d3bf8413b8 100644 --- a/extras/ganesha/scripts/ganesha-ha.sh +++ b/extras/ganesha/scripts/ganesha-ha.sh @@ -976,6 +976,9 @@ main() usage exit 0 fi + + semanage boolean -m gluster_use_execmem --on + HA_CONFDIR=${1%/}; shift local ha_conf=${HA_CONFDIR}/ganesha-ha.conf local node="" @@ -1130,6 +1133,9 @@ $HA_CONFDIR/ganesha-ha.conf ;; esac + + semanage boolean -m gluster_use_execmem --off + } main $* |
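Review bot: In the first hunk (@@ -976,6 +976,9 @@ main()), the result of `semanage boolean -m gluster_use_execmem --on` is never checked, and nothing guards against hosts where it cannot succeed. The commit message itself says that semanage ships in a differently named package on RHEL and Fedora and that the boolean only exists from selinux-policy 3.13.1-160 onward, so on a system with an older policy or without that package this line fails and the script carries on regardless. Suggest testing for the tool first (for example with `command -v semanage`), running the command only when it is present, and logging a clear message when enabling the boolean fails, so that a later pcs access denial can be traced back to this step.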
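Review bot: In the second hunk (@@ -1130,6 +1133,9 @@), `semanage boolean -m gluster_use_execmem --off` sits after `esac` as the last statement of main(), so it only runs when control reaches the end of the function. Any path that exits or is interrupted after the `--on` line leaves the boolean enabled, which defeats the point of turning it on only for the duration of the script. Suggest registering the `--off` call in a `trap ... EXIT` immediately after the `--on` line instead. Two further points on the same line: it forces the boolean off rather than restoring the value it had before the script ran, so an administrator's deliberate `--on` is silently reverted, and two overlapping invocations can switch it off underneath each other. Recording the prior state and restoring it would handle the first; the second deserves at least a comment in the script.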