Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Gluster's Event Deamon is not allowed by SELINUX #27

Open
hunter86bg opened this issue Jan 9, 2022 · 6 comments
Open

Gluster's Event Deamon is not allowed by SELINUX #27

hunter86bg opened this issue Jan 9, 2022 · 6 comments

Comments

@hunter86bg
Copy link

Symptom:

glustereventsd[1312]: Failed to start Eventsd for IPv4: [Errno 13] Permission denied

Event's Daemon Config:

# cat /etc/glusterfs/eventsconfig.json 
{
    "log-level": "INFO",
    "port": 24009,
    "disable-events-log": false
}

AVC Denied:

type=AVC msg=audit(1641684058.017:1042): avc:  denied  { name_bind } for  pid=5949 comm="glustereventsd" src=24009 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0
type=AVC msg=audit(1641684806.621:83): avc:  denied  { name_bind } for  pid=1312 comm="glustereventsd" src=24009 scontext=system_u:system_r:glusterd_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=udp_socket permissive=0
type=USER_MAC_CONFIG_CHANGE msg=audit(1641741688.121:828): pid=149221 uid=0 auid=0 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='resrc=port op=add lport=24009 proto=17 tcontext=system_u:object_r:gluster_port_t:s0 comm="semanage" exe="/usr/libexec/platform-python3.6" hostname=? addr=? terminal=? res=success'�UID="root" AUID="root"

Workaround:

# semanage port -a -t gluster_port_t -p udp 24009

Installed package:

# rpm -q glusterfs-selinux
glusterfs-selinux-2.0.1-1.el8.noarch
@hunter86bg
Copy link
Author

@Shwetha-Acharya ,
can you guide me into it ?

@Shwetha-Acharya
Copy link
Collaborator

@hunter86bg gluster/glusterfs#2091 PR which is part of devel branch should be addressing the issue you are facing.

Which version of glusterfs are you using?

@hunter86bg
Copy link
Author

@Shwetha-Acharya ,
oVirt is currently using 8.6 but I believe it will move to v9 with 4.5

@Shwetha-Acharya
Copy link
Collaborator

@hunter86bg gluster/glusterfs#2091 is part of glusterfs release 10 (10.0rc0 onwards)
Best we can do is to backport this to release 9 and make this PR available 9.6 onwards

@hunter86bg
Copy link
Author

@Shwetha-Acharya ,

thanks that will also work.
As per my understanding glustereventsd config won't be changed on upgrade and oVirt has to do it manually, right ?

@Shwetha-Acharya
Copy link
Collaborator

@hunter86bg I have backported gluster/glusterfs#2091 for release 9, once it is merged and 9.6 version is up, that PR will be available.

As per my understanding glustereventsd config won't be changed on upgrade

yes, on upgrade configs should/will not be changing.

We will have to rely on command you suggested as workaround if we want to manually change the custom port. @riteshchikatwar can add more about ovirt.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@hunter86bg @Shwetha-Acharya