diff options
author | Kaleb S. KEITHLEY <kkeithle@redhat.com> | 2017-06-21 10:01:20 -0400 |
---|---|---|
committer | Kaleb KEITHLEY <kkeithle@redhat.com> | 2017-06-22 15:05:47 +0000 |
commit | 5ad6e1e07f5304deb022ebd54dbbdac6f9c651fb (patch) | |
tree | 41644ff6c7d6a9652def15c03356a0381ef56635 /glusterfs.spec.in | |
parent | cf1f33a261b093a5cdb17406f3bc8e301caf9581 (diff) |
common-ha: enable and disable selinux ganesha_use_fusefs
Starting in Fedora 26 and RHEL 7.4 there are new targeted policies
in selinux which include a tuneable to allow ganesha.nfsd to access
the gluster (FUSE) shared_storage volume where ganesha maintains its
state.
N.B. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4
so it can't be enabled for RHEL at this time. /usr/sbin/semanage is
in policycoreutils-python in RHEL (versus policycoreutils-python-utils
in Fedora.) Once RHEL 7.4 GAs we may also wish to specify the version
for RHEL 7 explicitly, i.e.
Requires: selinux-policy >= 3.13.1-160.
But beware, the corresponding version in Fedora 26 seems to be
selinux-policy-3.13.1.258 or so. (Maybe earlier versions, but that's
what's currently in the F26 beta.
release-3.10 is the upstream master branch for glusterfs-ganesha. For
release-3.11 and later storhaug needs a similar change, which is
tracked by https://github.com/linux-ha-storage/storhaug/issues/11
Maybe at some point we would want to consider migrating the targeted
policies for glusterfs (and nfs-ganesha) from selinux-policy to a
glusterfs-selinux (and nfs-ganesha-selinux) subpackage?
Change-Id: I04a5443edd00636cbded59a2baddfa98095bf7ac
BUG: 1463641
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
Reviewed-on: https://review.gluster.org/17597
Smoke: Gluster Build System <jenkins@build.gluster.org>
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: jiffin tony Thottan <jthottan@redhat.com>
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
Diffstat (limited to 'glusterfs.spec.in')
-rw-r--r-- | glusterfs.spec.in | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/glusterfs.spec.in b/glusterfs.spec.in index fdaf5ffbb01..3b391368f4e 100644 --- a/glusterfs.spec.in +++ b/glusterfs.spec.in @@ -379,6 +379,10 @@ Requires: pcs, dbus %if ( 0%{?rhel} && 0%{?rhel} == 6 ) Requires: cman, pacemaker, corosync %endif +%if ( 0%{?fedora} && 0%{?fedora} > 25 ) +Requires(post): policycoreutils-python-utils +Requires(postun): policycoreutils-python-utils +%endif %if ( 0%{?fedora} ) || ( 0%{?rhel} && 0%{?rhel} > 5 ) # we need portblock resource-agent in 3.9.5 and later. Requires: resource-agents >= 3.9.5 @@ -808,6 +812,12 @@ modprobe fuse exit 0 %endif +%if ( 0%{?fedora} && 0%{?fedora} > 25 ) +%post ganesha +semanage boolean -m ganesha_use_fusefs --on +exit 0 +%endif + %if ( 0%{!?_without_georeplication:1} ) %post geo-replication if [ $1 -ge 1 ]; then @@ -938,6 +948,12 @@ exit 0 %postun api /sbin/ldconfig +%if ( 0%{?fedora} && 0%{?fedora} > 25 ) +%postun ganesha +semanage boolean -m ganesha_use_fusefs --off +exit 0 +%endif + %postun libs /sbin/ldconfig @@ -1271,6 +1287,9 @@ exit 0 %endif %changelog +* Wed Jun 21 2017 Kaleb S. KEITHLEY <kkeithle@redhat.com> +- selinux enable, disable ganesha_access_fuse on install, remove + * Tue Feb 21 2017 Niels de Vos <ndevos@redhat.com> - Obsolete and Provide python-gluster for upgrading from glusterfs < 3.10 |