From c125421da1fd101db5a169c6ed9529c3b9d63e37 Mon Sep 17 00:00:00 2001 From: "Kaleb S. KEITHLEY" Date: Fri, 28 Jul 2017 08:55:02 -0400 Subject: [PATCH 588/593] common-ha: enable and disable selinux gluster_use_execmem Starting in Fedora 26 and RHEL 7.4 there are new targeted policies in selinux which include a tuneable to allow glusterd->ganesha-ha.sh->pcs to access the pcs config, i.e. gluster-use-execmem. Note. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4 or between 3.13.1-X and 3.13.1-Y so it can't be enabled for RHEL at this time. /usr/sbin/semanage is in policycoreutils-python in RHEL (versus policycoreutils-python-utils in Fedora.) Requires selinux-policy >= 3.13.1-160 in RHEL7. The corresponding version in Fedora 26 seems to be selinux-policy-3.13.1-259 or so. (Maybe earlier versions, but that's what was in F26 when I checked.) Upstream Change-Id: Ic474b3f7739ff5be1e99d94d00b55caae4ceb5a0 Upstream BUG: 1471917 Upstream: https://review.gluster.org/17806 Change-Id: Ia28220e5a933b7d1c93737f3e20b72400fd22595 BUG: 1466144 Signed-off-by: Kaleb S. KEITHLEY Reviewed-on: https://code.engineering.redhat.com/gerrit/113799 Reviewed-by: Atin Mukherjee --- extras/ganesha/scripts/ganesha-ha.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/extras/ganesha/scripts/ganesha-ha.sh b/extras/ganesha/scripts/ganesha-ha.sh index 130a584..75bf6c8 100644 --- a/extras/ganesha/scripts/ganesha-ha.sh +++ b/extras/ganesha/scripts/ganesha-ha.sh @@ -982,6 +982,9 @@ main() usage exit 0 fi + + semanage boolean -m gluster_use_execmem --on + HA_CONFDIR=${1%/}; shift local ha_conf=${HA_CONFDIR}/ganesha-ha.conf local node="" @@ -1138,6 +1141,9 @@ $HA_CONFDIR/ganesha-ha.conf ;; esac + + semanage boolean -m gluster_use_execmem --off + } main $* -- 1.8.3.1