[Linux-cluster] RHEL4.5, GFS and selinux, are they playing nice?

Roger Peña orkcu at yahoo.com
Wed Sep 12 20:37:03 UTC 2007


--- Ryan O'Hara <rohara at redhat.com> wrote:

> 
> Roger Peña wrote:
> 
> >> is this related to the fact that selinux policy stated this:
> >> genfscon gfs /  system_u:object_r:nfs_t
> 
> Yes. This is what would be used for a filesystem that does not support
> selinux xattrs. In RHEL4.5, SELinux xattr support was added to GFS.
> However...
> 
> > should I follow what is stated for reiserfs in this url:
> > http://james-morris.livejournal.com/3580.html
> 
> Yes. GFS needs to be defined as a filesystem that supports selinux
> xattrs.
> 
> > if I should do it, because it is the right thing to do, why:
> > 1- redhat did not do it for the release of 4.5 ?
> 
> The reason that the selinux policy was not updated for RHEL4.5 (in
> regards to selinux xattr support for GFS) is described in BZ 215559,
> comment #3:
> 
> "Changing this on the installed environment could have unexpected
> results.  For example, currently all files on gfs are unlabeled and
> treated as nfs_t.  If I suddenly make this change, these files would
> then be treated as file_t and any domain that was using them would
> become unable to .  This would require a relabel to fix.  And could
> cause hundreds of AVC messages.  I do not feel this is worth it since
> almost everyone will not use the labels on GFS to treat one file
> differently than another. In the future, where you might have /usr
> mounted on a gfs or gfs2 partition, this would become more valuable."

thanks a lot
I spent a few days looking on the net but never looked in
bugzilla :-( hehehe


> 
> > 2- others aren't getting this kind of problems?
> 
> I'm not sure how many people are using GFS with
> SELinux enabled. :)

I was forced to, by httpd; it complains about not being able
to open configuration files and documentRoots ....

ok, I will try to follow what is stated in the webpage,
and relabel the system, but this after I study a little
bit more about selinux :-)

thanks again
roger

__________________________________________
RedHat Certified ( RHCE )
Cisco Certified ( CCNA & CCDA )
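
As an added illustration of the policy difference discussed in this thread (not part of the original messages and not Red Hat's own tooling), the following Python script parses policy-source statements and reports whether a filesystem type is labeled by `genfscon` or by `fs_use_xattr`. The sample policy text is constructed apart from the `genfscon gfs` line quoted above, and the `fs_t` context used for the changed GFS entry is an assumption.

```python
import re

# Constructed policy-source excerpt, not copied from a real policy tree.
# Only the "genfscon gfs" line comes from the thread above.
SAMPLE_POLICY = """\
fs_use_xattr ext3 system_u:object_r:fs_t;
fs_use_xattr reiserfs system_u:object_r:fs_t;
genfscon gfs /  system_u:object_r:nfs_t
genfscon proc / system_u:object_r:proc_t
"""

FS_USE_XATTR = re.compile(r"^\s*fs_use_xattr\s+(\S+)\s+([^\s;]+)\s*;")
GENFSCON = re.compile(r"^\s*genfscon\s+(\S+)\s+(\S+)\s+(?:-\S\s+)?(\S+)")

def parse_policy(text):
    """Return ({fstype: fs context}, {fstype: {path: context}})."""
    xattr, genfs = {}, {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop policy comments
        m = FS_USE_XATTR.match(line)
        if m:
            xattr[m.group(1)] = m.group(2)
            continue
        m = GENFSCON.match(line)
        if m:
            genfs.setdefault(m.group(1), {})[m.group(2)] = m.group(3)
    return xattr, genfs

def labeling_mode(fstype, text=SAMPLE_POLICY):
    """Classify how files on `fstype` get their security context."""
    xattr, genfs = parse_policy(text)
    if fstype in xattr and fstype in genfs:
        return "both"            # two statements for one fstype: review policy
    if fstype in xattr:
        return "xattr"           # per-file labels stored on disk
    if fstype in genfs:
        return "genfscon"        # context assigned by policy, not read from disk
    return "undefined"

def migrated_policy(fstype, fs_context, text=SAMPLE_POLICY):
    """Policy text with `fstype` switched from genfscon to fs_use_xattr."""
    kept = [l for l in text.splitlines()
            if not re.match(rf"\s*genfscon\s+{re.escape(fstype)}\s", l)]
    return "\n".join(kept + [f"fs_use_xattr {fstype} {fs_context};"]) + "\n"

if __name__ == "__main__":
    for fs in ("ext3", "gfs", "proc"):
        print(fs, labeling_mode(fs))
    # fs_t for gfs is an assumed context, chosen to match the ext3 sample line
    print("gfs after change:", labeling_mode("gfs", migrated_policy("gfs", "system_u:object_r:fs_t")))
```

As the Bugzilla comment quoted above notes, files already on the filesystem carry no labels after such a switch and are treated as file_t until a relabel is done.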

