Re: [Nfs-ganesha-devel] Selinux denials with version 2.6.1-0.1.el7

Tue, 15 May 2018 08:20:44 -0700 

This list has been deprecated. Please subscribe to the new devel list at 
lists.nfs-ganesha.org.
Hi, Muminul
Ganesha needed selinux policy added to allow it access to it's log and recovery directories. This was added in Fedora, but I don't know if it was added in Centos, or in what versions.
I suspect you're going to have to add exceptions for Ganesha to access /var/log/ganesha and /var/lib/nfs/ganesha (and maybe /etc/ganesha) to allow it to run when selinux is enforcing. 

Daniel

On 05/11/2018 02:47 PM, Muminul Islam Russell wrote:

This list has been deprecated. Please subscribe to the new devel list at 
lists.nfs-ganesha.org.
Hello All,

I am using nfs-ganesha version 2.6.1-0.1.el7 to mount with VFS and
CEPH. But unable to mount the FS with SELinux enabled. Mount works
fine with SELinux disabled.

I can see hundreds of SELinux denials in the audit log. Below are some
of the lines.

type=AVC msg=audit(1525811393.227:335): avc:  denied  {
dac_read_search } for  pid=2819 comm="master" capability=2
scontext=system_u:system_r:postfix_master_t:s0
tcontext=system_u:system_r:postfix_master_t:s0 tclass=capability
permissive=0

type=AVC msg=audit(1525808830.798:237): avc:  denied  { open } for
pid=3516 comm="ganesha.nfsd" path="/var/log/ganesha/ganesha.log"
dev="dm-0" ino=840795 scontext=system_u:system_r:ganesha_t:s0
tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=0


Could anyone help me how to resolve this issue.?

Thanks,
Muminul

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Nfs-ganesha-devel mailing list
Nfs-ganesha-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nfs-ganesha-devel

Reply via email to