|
|
50dc83 |
From 662c94f3b3173bf78465644e2e42e03efd9ea493 Mon Sep 17 00:00:00 2001
|
|
|
e7a346 |
From: "Kaleb S. KEITHLEY" <kkeithle@redhat.com>
|
|
|
e7a346 |
Date: Mon, 17 Jul 2017 11:07:40 -0400
|
|
|
50dc83 |
Subject: [PATCH 071/124] common-ha: enable and disable selinux
|
|
|
e7a346 |
gluster_use_execmem
|
|
|
e7a346 |
|
|
|
e7a346 |
Starting in Fedora 26 and RHEL 7.4 there are new targeted policies in
|
|
|
e7a346 |
selinux which include a tuneable to allow glusterd->ganesha-ha.sh->pcs
|
|
|
e7a346 |
to access the pcs config, i.e. gluster-use-execmem.
|
|
|
e7a346 |
|
|
|
e7a346 |
Note. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4
|
|
|
e7a346 |
or between 3.13.1-X and 3.13.1-Y so it can't be enabled for RHEL at
|
|
|
e7a346 |
this time.
|
|
|
e7a346 |
|
|
|
e7a346 |
/usr/sbin/semanage is in policycoreutils-python in RHEL (versus
|
|
|
e7a346 |
policycoreutils-python-utils in Fedora.)
|
|
|
e7a346 |
|
|
|
e7a346 |
Requires selinux-policy >= 3.13.1-160 in RHEL7. The corresponding
|
|
|
e7a346 |
version in Fedora 26 seems to be selinux-policy-3.13.1-259 or so. (Maybe
|
|
|
e7a346 |
earlier versions, but that's what was in F26 when I checked.)
|
|
|
e7a346 |
|
|
|
50dc83 |
Label: DOWNSTREAM ONLY
|
|
|
50dc83 |
|
|
|
e7a346 |
Change-Id: Ic474b3f7739ff5be1e99d94d00b55caae4ceb5a0
|
|
|
e7a346 |
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
|
|
|
e7a346 |
Reviewed-on: https://review.gluster.org/17806
|
|
|
e7a346 |
Smoke: Gluster Build System <jenkins@build.gluster.org>
|
|
|
e7a346 |
CentOS-regression: Gluster Build System <jenkins@build.gluster.org>
|
|
|
e7a346 |
Reviewed-by: soumya k <skoduri@redhat.com>
|
|
|
e7a346 |
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
|
|
|
50dc83 |
Signed-off-by: Jiffin Tony Thottan <jthottan@redhat.com>
|
|
|
50dc83 |
Reviewed-on: https://code.engineering.redhat.com/gerrit/167156
|
|
|
50dc83 |
Reviewed-by: Soumya Koduri <skoduri@redhat.com>
|
|
|
50dc83 |
Tested-by: RHGS Build Bot <nigelb@redhat.com>
|
|
|
50dc83 |
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>
|
|
|
e7a346 |
---
|
|
|
e7a346 |
extras/ganesha/scripts/ganesha-ha.sh | 6 ++++++
|
|
|
e7a346 |
1 file changed, 6 insertions(+)
|
|
|
e7a346 |
|
|
|
e7a346 |
diff --git a/extras/ganesha/scripts/ganesha-ha.sh b/extras/ganesha/scripts/ganesha-ha.sh
|
|
|
50dc83 |
index 537c965..f4400af 100644
|
|
|
e7a346 |
--- a/extras/ganesha/scripts/ganesha-ha.sh
|
|
|
e7a346 |
+++ b/extras/ganesha/scripts/ganesha-ha.sh
|
|
|
e7a346 |
@@ -984,6 +984,9 @@ main()
|
|
|
e7a346 |
usage
|
|
|
e7a346 |
exit 0
|
|
|
e7a346 |
fi
|
|
|
e7a346 |
+
|
|
|
e7a346 |
+ semanage boolean -m gluster_use_execmem --on
|
|
|
e7a346 |
+
|
|
|
e7a346 |
HA_CONFDIR=${1%/}; shift
|
|
|
e7a346 |
local ha_conf=${HA_CONFDIR}/ganesha-ha.conf
|
|
|
e7a346 |
local node=""
|
|
|
e7a346 |
@@ -1129,6 +1132,9 @@ $HA_CONFDIR/ganesha-ha.conf
|
|
|
e7a346 |
;;
|
|
|
e7a346 |
|
|
|
e7a346 |
esac
|
|
|
e7a346 |
+
|
|
|
e7a346 |
+ semanage boolean -m gluster_use_execmem --off
|
|
|
e7a346 |
+
|
|
|
e7a346 |
}
|
|
|
e7a346 |
|
|
|
e7a346 |
main $*
|
|
|
e7a346 |
--
|
|
|
e7a346 |
1.8.3.1
|
|
|
e7a346 |
|