|
 |
21ab4e |
From 1eab2c027ad342fc346b35e60c625301e1c247f5 Mon Sep 17 00:00:00 2001
|
|
|
21ab4e |
From: "Kaleb S. KEITHLEY" <kkeithle@redhat.com>
|
|
|
21ab4e |
Date: Thu, 22 Jun 2017 11:52:04 -0400
|
|
|
21ab4e |
Subject: [PATCH 528/529] common-ha: enable and disable selinux
|
|
|
21ab4e |
ganesha_use_fusefs
|
|
|
21ab4e |
|
|
|
21ab4e |
Starting in Fedora 26 and RHEL 7.4 there are new targeted policies
|
|
|
21ab4e |
in selinux which include a tuneable to allow ganesha.nfsd to access
|
|
|
21ab4e |
the gluster (FUSE) shared_storage volume where ganesha maintains its
|
|
|
21ab4e |
state.
|
|
|
21ab4e |
|
|
|
21ab4e |
N.B. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4
|
|
|
21ab4e |
so it can't be enabled for RHEL at this time. /usr/sbin/semanage is
|
|
|
21ab4e |
in policycoreutils-python in RHEL (versus policycoreutils-python-utils
|
|
|
21ab4e |
in Fedora.) Once RHEL 7.4 GAs we may also wish to specify the version
|
|
|
21ab4e |
for RHEL 7 explicitly, i.e.
|
|
|
21ab4e |
Requires: selinux-policy >= 3.13.1-160.
|
|
|
21ab4e |
But beware, the corresponding version in Fedora 26 seems to be
|
|
|
21ab4e |
selinux-policy-3.13.1.258 or so. (Maybe earlier versions, but that's
|
|
|
21ab4e |
what's currently in the F26 beta.
|
|
|
21ab4e |
|
|
|
21ab4e |
release-3.10 is the upstream master branch for glusterfs-ganesha. For
|
|
|
21ab4e |
release-3.11 and later storhaug needs a similar change, which is
|
|
|
21ab4e |
tracked by https://github.com/linux-ha-storage/storhaug/issues/11
|
|
|
21ab4e |
|
|
|
21ab4e |
Upstream https://review.gluster.org/17597
|
|
|
21ab4e |
Upstream Change-Id: I04a5443edd00636cbded59a2baddfa98095bf7ac
|
|
|
21ab4e |
Upstream BUG: 1463641
|
|
|
21ab4e |
BUG: 1461098
|
|
|
21ab4e |
Signed-off-by: Kaleb S. KEITHLEY <kkeithle@redhat.com>
|
|
|
21ab4e |
|
|
|
21ab4e |
Change-Id: I8f884b6329f0c2f6740fe0a6ce0a2965b0d3559f
|
|
|
21ab4e |
Reviewed-on: https://code.engineering.redhat.com/gerrit/109845
|
|
|
21ab4e |
Tested-by: Kaleb Keithley <kkeithle@redhat.com>
|
|
|
21ab4e |
Reviewed-by: Soumya Koduri <skoduri@redhat.com>
|
|
|
21ab4e |
Reviewed-by: Milind Changire <mchangir@redhat.com>
|
|
|
21ab4e |
Reviewed-by: Atin Mukherjee <amukherj@redhat.com>
|
|
|
21ab4e |
---
|
|
|
21ab4e |
glusterfs.spec.in | 35 ++++++++++++++++++++++++++++++++---
|
|
|
21ab4e |
1 file changed, 32 insertions(+), 3 deletions(-)
|
|
|
21ab4e |
|
|
|
21ab4e |
diff --git a/glusterfs.spec.in b/glusterfs.spec.in
|
|
|
21ab4e |
index d546b38..f22c9e9 100644
|
|
|
21ab4e |
--- a/glusterfs.spec.in
|
|
|
21ab4e |
+++ b/glusterfs.spec.in
|
|
|
21ab4e |
@@ -403,7 +403,17 @@ Requires: pcs, dbus
|
|
|
21ab4e |
%if ( 0%{?rhel} && 0%{?rhel} == 6 )
|
|
|
21ab4e |
Requires: cman, pacemaker, corosync
|
|
|
21ab4e |
%endif
|
|
|
21ab4e |
-%if ( 0%{?fedora} ) || ( 0%{?rhel} && 0%{?rhel} > 5 )
|
|
|
21ab4e |
+%if ( ( 0%{?fedora} && 0%{?fedora} > 25 ) || ( 0%{?rhel} && 0%{?rhel} > 6 ) )
|
|
|
21ab4e |
+%if ( 0%{?rhel} )
|
|
|
21ab4e |
+Requires: selinux-policy >= 3.13.1-160
|
|
|
21ab4e |
+Requires(post): policycoreutils-python
|
|
|
21ab4e |
+Requires(postun): policycoreutils-python
|
|
|
21ab4e |
+%else
|
|
|
21ab4e |
+Requires(post): policycoreutils-python-utils
|
|
|
21ab4e |
+Requires(postun): policycoreutils-python-utils
|
|
|
21ab4e |
+%endif
|
|
|
21ab4e |
+%endif
|
|
|
21ab4e |
+%if ( ( 0%{?fedora} ) || ( 0%{?rhel} && 0%{?rhel} > 5 ) )
|
|
|
21ab4e |
# we need portblock resource-agent in 3.9.5 and later.
|
|
|
21ab4e |
Requires: resource-agents >= 3.9.5
|
|
|
21ab4e |
Requires: net-tools
|
|
|
21ab4e |
@@ -836,6 +846,14 @@ exit 0
|
|
|
21ab4e |
%endif
|
|
|
21ab4e |
|
|
|
21ab4e |
%if ( 0%{?_build_server} )
|
|
|
21ab4e |
+%if ( ( 0%{?fedora} && 0%{?fedora} > 25 ) || ( 0%{?rhel} && 0%{?rhel} > 6 ) )
|
|
|
21ab4e |
+%post ganesha
|
|
|
21ab4e |
+semanage boolean -m ganesha_use_fusefs --on
|
|
|
21ab4e |
+exit 0
|
|
|
21ab4e |
+%endif
|
|
|
21ab4e |
+%endif
|
|
|
21ab4e |
+
|
|
|
21ab4e |
+%if ( 0%{?_build_server} )
|
|
|
21ab4e |
%if ( 0%{!?_without_georeplication:1} )
|
|
|
21ab4e |
%post geo-replication
|
|
|
21ab4e |
if [ $1 -ge 1 ]; then
|
|
|
21ab4e |
@@ -984,6 +1002,14 @@ fi
|
|
|
21ab4e |
%postun api
|
|
|
21ab4e |
/sbin/ldconfig
|
|
|
21ab4e |
|
|
|
21ab4e |
+%if ( 0%{?_build_server} )
|
|
|
21ab4e |
+%if ( ( 0%{?fedora} && 0%{?fedora} > 25 ) || ( 0%{?rhel} && 0%{?rhel} > 6 ) )
|
|
|
21ab4e |
+%postun ganesha
|
|
|
21ab4e |
+semanage boolean -m ganesha_use_fusefs --off
|
|
|
21ab4e |
+exit 0
|
|
|
21ab4e |
+%endif
|
|
|
21ab4e |
+%endif
|
|
|
21ab4e |
+
|
|
|
21ab4e |
%postun libs
|
|
|
21ab4e |
/sbin/ldconfig
|
|
|
21ab4e |
|
|
|
21ab4e |
@@ -2076,10 +2102,13 @@ end
|
|
|
21ab4e |
%endif
|
|
|
21ab4e |
|
|
|
21ab4e |
%changelog
|
|
|
21ab4e |
+* Thu Jun 22 2017 Kaleb S. KEITHLEY <kkeithle@redhat.com>
|
|
|
21ab4e |
+- selinux enable, disable ganesha_access_fuse on install, remove
|
|
|
21ab4e |
+
|
|
|
21ab4e |
* Wed Jun 21 2017 Jiffin Tony Thottan <jthottan@redhat.com>
|
|
|
21ab4e |
- Exclude glusterfssharedstorage.service and mount-shared-storage.sh from client builds
|
|
|
21ab4e |
|
|
|
21ab4e |
-* Fri Jun 20 2017 Jiffin Tony Thottan <jthottan@redhat.com>
|
|
|
21ab4e |
+* Tue Jun 20 2017 Jiffin Tony Thottan <jthottan@redhat.com>
|
|
|
21ab4e |
- Add glusterfssharedstorage.service systemd file
|
|
|
21ab4e |
|
|
|
21ab4e |
* Tue Jun 13 2017 Poornima G <pgurusid@redhat.com>
|
|
|
21ab4e |
@@ -2094,7 +2123,7 @@ end
|
|
|
21ab4e |
* Wed Feb 1 2017 Poornima G <pgurusid@redhat.com>
|
|
|
21ab4e |
- Install /var/lib/glusterd/groups/metadata-cache by default
|
|
|
21ab4e |
|
|
|
21ab4e |
-* Thu Dec 7 2016 Jiffin Tony Thottan <jhottan@redhat.com>
|
|
|
21ab4e |
+* Wed Dec 7 2016 Jiffin Tony Thottan <jhottan@redhat.com>
|
|
|
21ab4e |
- remove S31ganesha-reset.sh from hooks (#1397450)
|
|
|
21ab4e |
|
|
|
21ab4e |
* Fri Nov 18 2016 Soumya Koduri <skoduri@redhat.com>
|
|
|
21ab4e |
--
|
|
|
21ab4e |
1.8.3.1
|
|
|
21ab4e |
|