From 916a79ea78db264ceedd4ebdba794e488b82eceb Mon Sep 17 00:00:00 2001 From: "Kaleb S. KEITHLEY" Date: Wed, 21 Jun 2017 10:01:20 -0400 Subject: [PATCH 069/124] common-ha: enable and disable selinux ganesha_use_fusefs Starting in Fedora 26 and RHEL 7.4 there are new targeted policies in selinux which include a tuneable to allow ganesha.nfsd to access the gluster (FUSE) shared_storage volume where ganesha maintains its state. N.B. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4 so it can't be enabled for RHEL at this time. /usr/sbin/semanage is in policycoreutils-python in RHEL (versus policycoreutils-python-utils in Fedora.) Once RHEL 7.4 GAs we may also wish to specify the version for RHEL 7 explicitly, i.e. Requires: selinux-policy >= 3.13.1-160. But beware, the corresponding version in Fedora 26 seems to be selinux-policy-3.13.1.258 or so. (Maybe earlier versions, but that's what's currently in the F26 beta. release-3.10 is the upstream master branch for glusterfs-ganesha. For release-3.11 and later storhaug needs a similar change, which is tracked by https://github.com/linux-ha-storage/storhaug/issues/11 Maybe at some point we would want to consider migrating the targeted policies for glusterfs (and nfs-ganesha) from selinux-policy to a glusterfs-selinux (and nfs-ganesha-selinux) subpackage? Label: DOWNSTREAM ONLY Change-Id: I04a5443edd00636cbded59a2baddfa98095bf7ac Signed-off-by: Kaleb S. KEITHLEY Reviewed-on: https://review.gluster.org/17597 Smoke: Gluster Build System Reviewed-by: Niels de Vos Reviewed-by: jiffin tony Thottan CentOS-regression: Gluster Build System Signed-off-by: Jiffin Tony Thottan Reviewed-on: https://code.engineering.redhat.com/gerrit/167154 Reviewed-by: Soumya Koduri Tested-by: RHGS Build Bot Reviewed-by: Sunil Kumar Heggodu Gopala Acharya --- glusterfs.spec.in | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/glusterfs.spec.in b/glusterfs.spec.in index d748ebc..b01c94f 100644 --- a/glusterfs.spec.in +++ b/glusterfs.spec.in @@ -466,6 +466,11 @@ Requires: pcs, dbus Requires: cman, pacemaker, corosync %endif +%if ( 0%{?fedora} && 0%{?fedora} > 25 ) +Requires(post): policycoreutils-python-utils +Requires(postun): policycoreutils-python-utils +%endif + %description ganesha GlusterFS is a distributed file-system capable of scaling to several petabytes. It aggregates various storage bricks over Infiniband RDMA @@ -923,6 +928,14 @@ exit 0 %systemd_post glustereventsd %endif +%if ( 0%{!?_without_server:1} ) +%if ( 0%{?fedora} && 0%{?fedora} > 25 ) +%post ganesha +semanage boolean -m ganesha_use_fusefs --on +exit 0 +%endif +%endif + %if ( 0%{!?_without_georeplication:1} ) %post geo-replication if [ $1 -ge 1 ]; then @@ -1055,6 +1068,14 @@ fi exit 0 %endif +%if ( 0%{!?_without_server:1} ) +%if ( 0%{?fedora} && 0%{?fedora} > 25 ) +%postun ganesha +semanage boolean -m ganesha_use_fusefs --off +exit 0 +%endif +%endif + ##----------------------------------------------------------------------------- ## All %%files should be placed here and keep them grouped ## -- 1.8.3.1