|
 |
9f5ccc |
From 36180d21dc4b16619b75d65d51eaf37df4e0e2d3 Mon Sep 17 00:00:00 2001
|
|
|
9f5ccc |
From: Sunny Kumar <sunkumar@redhat.com>
|
|
|
9f5ccc |
Date: Mon, 20 Apr 2020 12:15:42 +0100
|
|
|
9f5ccc |
Subject: [PATCH 365/367] build: geo-rep requires relevant selinux permission
|
|
|
9f5ccc |
for rsync
|
|
|
9f5ccc |
|
|
|
9f5ccc |
If selinux is set in enforcing mode geo-rep goes into faulty state.
|
|
|
9f5ccc |
|
|
|
9f5ccc |
To avoid this from happening some relevant selinux booleans need to be set
|
|
|
9f5ccc |
in 'on' state to allow rsync operation.
|
|
|
9f5ccc |
|
|
|
9f5ccc |
Backport of:
|
|
|
9f5ccc |
>Upstream Patch: https://review.gluster.org/#/c/glusterfs/+/24348.
|
|
|
9f5ccc |
>Change-Id: Ia8ce530d6548c2a545f4c99c600f5aac2bbb3363
|
|
|
9f5ccc |
>Fixes: #1182
|
|
|
9f5ccc |
>Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
|
|
9f5ccc |
|
|
|
9f5ccc |
BUG: 1813917
|
|
|
9f5ccc |
Change-Id: Ia8ce530d6548c2a545f4c99c600f5aac2bbb3363
|
|
|
9f5ccc |
Signed-off-by: Sunny Kumar <sunkumar@redhat.com>
|
|
|
9f5ccc |
Reviewed-on: https://code.engineering.redhat.com/gerrit/198599
|
|
|
9f5ccc |
Tested-by: RHGS Build Bot <nigelb@redhat.com>
|
|
|
9f5ccc |
Reviewed-by: Sunil Kumar Heggodu Gopala Acharya <sheggodu@redhat.com>
|
|
|
9f5ccc |
---
|
|
|
9f5ccc |
glusterfs.spec.in | 15 +++++++++++++++
|
|
|
9f5ccc |
1 file changed, 15 insertions(+)
|
|
|
9f5ccc |
|
|
|
9f5ccc |
diff --git a/glusterfs.spec.in b/glusterfs.spec.in
|
|
|
9f5ccc |
index 7c8a751..5ed07e7 100644
|
|
|
9f5ccc |
--- a/glusterfs.spec.in
|
|
|
9f5ccc |
+++ b/glusterfs.spec.in
|
|
|
9f5ccc |
@@ -130,6 +130,12 @@
|
|
|
9f5ccc |
## All %%global definitions should be placed here and keep them sorted
|
|
|
9f5ccc |
##
|
|
|
9f5ccc |
|
|
|
9f5ccc |
+# selinux booleans whose defalut value needs modification
|
|
|
9f5ccc |
+# these booleans will be consumed by "%%selinux_set_booleans" macro.
|
|
|
9f5ccc |
+%if ( 0%{?rhel} && 0%{?rhel} >= 8 )
|
|
|
9f5ccc |
+%global selinuxbooleans rsync_full_access=1 rsync_client=1
|
|
|
9f5ccc |
+%endif
|
|
|
9f5ccc |
+
|
|
|
9f5ccc |
%if ( 0%{?fedora} ) || ( 0%{?rhel} && 0%{?rhel} > 6 )
|
|
|
9f5ccc |
%global _with_systemd true
|
|
|
9f5ccc |
%endif
|
|
|
9f5ccc |
@@ -515,6 +521,12 @@ Requires: python%{_pythonver}-gluster = %{version}-%{release}
|
|
|
9f5ccc |
Requires: rsync
|
|
|
9f5ccc |
Requires: util-linux
|
|
|
9f5ccc |
Requires: %{name}-libs%{?_isa} = %{version}-%{release}
|
|
|
9f5ccc |
+# required for setting selinux bools
|
|
|
9f5ccc |
+%if ( 0%{?rhel} && 0%{?rhel} >= 8 )
|
|
|
9f5ccc |
+Requires: selinux-policy-targeted
|
|
|
9f5ccc |
+Requires(post): selinux-policy-targeted
|
|
|
9f5ccc |
+BuildRequires: selinux-policy-devel
|
|
|
9f5ccc |
+%endif
|
|
|
9f5ccc |
|
|
|
9f5ccc |
%description geo-replication
|
|
|
9f5ccc |
GlusterFS is a distributed file-system capable of scaling to several
|
|
|
9f5ccc |
@@ -941,6 +953,9 @@ exit 0
|
|
|
9f5ccc |
|
|
|
9f5ccc |
%if ( 0%{!?_without_georeplication:1} )
|
|
|
9f5ccc |
%post geo-replication
|
|
|
9f5ccc |
+%if ( 0%{?rhel} && 0%{?rhel} >= 8 )
|
|
|
9f5ccc |
+%selinux_set_booleans %{selinuxbooleans}
|
|
|
9f5ccc |
+%endif
|
|
|
9f5ccc |
if [ $1 -ge 1 ]; then
|
|
|
9f5ccc |
%systemd_postun_with_restart glusterd
|
|
|
9f5ccc |
fi
|
|
|
9f5ccc |
--
|
|
|
9f5ccc |
1.8.3.1
|
|
|
9f5ccc |
|