jr wrote:
Hi Guys,
does GFS not work with SELinux at all, even though SElinux seems to
initialize the Filesystem right after the mount correctly, and the files
show labels? (ls -lZ) (this is CentOS 5.1 with the most recent packages,
using GFS non2).
it seems as if i ran into something like that.
even though ls -lZ would show the correct file labels, SELinux denies
access to unlabeled_t.
after restarting one of the nodes in the cluster, that node shows
unlabeled_t when using ls -lZ on the GFS mounted directory. on other
nodes, it's correctly httpd_config_t though.
is there anything known with this or any suggestions?
thanks a lot.
regards,
johannes
There are 2 things that come to mind:
1. I believe that although we have added selinux support for GFS(1) in
RHEL5, the policy does not reflect this. In order to get things working,
you may have to edit your selinux policy such that gfs is defined to
support selinux xattrs.
2. I just fixed a bug in the GFS(1) selinux xattr operations. The
various functions that handle selinux xattrs were incorrectly checking
read/write permissions, which is wrong. This could result in permission
denials, as you mentioned.
--
Linux-cluster mailing list
Linux-cluster@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/linux-cluster
