From c90038f9a3e01d07f1e797c613b0863a43e06d35 Mon Sep 17 00:00:00 2001 From: "Kaleb S. KEITHLEY" Date: Mon, 17 Jul 2017 11:07:40 -0400 Subject: [PATCH 68/74] common-ha: enable and disable selinux gluster_use_execmem Starting in Fedora 26 and RHEL 7.4 there are new targeted policies in selinux which include a tuneable to allow glusterd->ganesha-ha.sh->pcs to access the pcs config, i.e. gluster-use-execmem. Note. rpm doesn't have a way to distinguish between RHEL 7.3 or 7.4 or between 3.13.1-X and 3.13.1-Y so it can't be enabled for RHEL at this time. /usr/sbin/semanage is in policycoreutils-python in RHEL (versus policycoreutils-python-utils in Fedora.) Requires selinux-policy >= 3.13.1-160 in RHEL7. The corresponding version in Fedora 26 seems to be selinux-policy-3.13.1-259 or so. (Maybe earlier versions, but that's what was in F26 when I checked.) Change-Id: Ic474b3f7739ff5be1e99d94d00b55caae4ceb5a0 Signed-off-by: Kaleb S. KEITHLEY Reviewed-on: https://review.gluster.org/17806 Smoke: Gluster Build System CentOS-regression: Gluster Build System Reviewed-by: soumya k Reviewed-by: Atin Mukherjee --- extras/ganesha/scripts/ganesha-ha.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/extras/ganesha/scripts/ganesha-ha.sh b/extras/ganesha/scripts/ganesha-ha.sh index ce5ff20..0b7642d 100644 --- a/extras/ganesha/scripts/ganesha-ha.sh +++ b/extras/ganesha/scripts/ganesha-ha.sh @@ -984,6 +984,9 @@ main() usage exit 0 fi + + semanage boolean -m gluster_use_execmem --on + HA_CONFDIR=${1%/}; shift local ha_conf=${HA_CONFDIR}/ganesha-ha.conf local node="" @@ -1129,6 +1132,9 @@ $HA_CONFDIR/ganesha-ha.conf ;; esac + + semanage boolean -m gluster_use_execmem --off + } main $* -- 1.8.3.1