Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 6:

PPC build is failing because of package installation issue. It fails to install 
the package tzdata.


DEBUG util.py:421:  Error downloading packages:
DEBUG util.py:421:tzdata-2016f-1.el7.noarch: [Errno 256] No more mirrors to 
try.

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 6
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[danken]

Dan Kenigsberg has submitted this change and it was merged.

Change subject: gluster: set selinux labels while creating bricks
..


gluster: set selinux labels while creating bricks

brick should have correct selinux labels on the brick mount
points. But it missing in the createBrick vdsm verb.

This patch sets the correct selinux lables on brick mount
point using 'restorecon' and 'semanage' commands

Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Bug-Url: https://bugzilla.redhat.com/1368474
Signed-off-by: Ramesh Nachimuthu 
Reviewed-on: https://gerrit.ovirt.org/62773
Continuous-Integration: Jenkins CI
Reviewed-by: Yaniv Bronhaim 
Reviewed-by: Piotr Kliczewski 
Reviewed-by: Sahina Bose 
Reviewed-by: Francesco Romani 
Reviewed-by: Dan Kenigsberg 
---
M lib/vdsm/gluster/exception.py
M vdsm/gluster/storagedev.py
2 files changed, 40 insertions(+), 0 deletions(-)

Approvals:
  Piotr Kliczewski: Looks good to me, but someone else must approve
  Yaniv Bronhaim: Looks good to me, but someone else must approve
  Jenkins CI: Passed CI tests
  Dan Kenigsberg: Looks good to me, approved
  Francesco Romani: Looks good to me, but someone else must approve
  Sahina Bose: Looks good to me, but someone else must approve
  Ramesh N: Verified



-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 6
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
___
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[danken]

Dan Kenigsberg has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5: Code-Review+2

raising score

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[automation]

gerrit-hooks has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 6:

* #1368474::Update tracker: OK
* Set MODIFIED::bug 1368474#1368474IGNORE, not all related patches are 
closed, check 62841

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 6
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[fromani]

Francesco Romani has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5: Code-Review+1

ok, so let's go this route

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[sabose]

Sahina Bose has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5:

> (1 comment)

Adding to what Ramesh said - /rhgs is a recommended mount point and not 
mandatory that all users mount the bricks here.The mount point can be changed 
at any time via engine configuration option

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5:

(1 comment)

https://gerrit.ovirt.org/#/c/62773/5/vdsm/gluster/storagedev.py
File vdsm/gluster/storagedev.py:

Line 329: try:
Line 330: selinux.restorecon(mountPoint, recursive=True)
Line 331: except OSError as e:
Line 332: errMsg = "[Errno %s] %s: '%s'" % (e.errno, e.strerror, 
e.filename)
Line 333: raise ge.GlusterHostFailedToRunRestorecon(mountPoint, 
err=errMsg)
> this works, no doubt about that, but why has not the parent directory (/rhg
Only reason why we can't follow this approach is because /rhgs is not the mount 
point always. Default mount point is configurable in the ovirt engine and user 
can change the mount point to any location per brick.


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[fromani]

Francesco Romani has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5:

(1 comment)

https://gerrit.ovirt.org/#/c/62773/5/vdsm/gluster/storagedev.py
File vdsm/gluster/storagedev.py:

Line 329: try:
Line 330: selinux.restorecon(mountPoint, recursive=True)
Line 331: except OSError as e:
Line 332: errMsg = "[Errno %s] %s: '%s'" % (e.errno, e.strerror, 
e.filename)
Line 333: raise ge.GlusterHostFailedToRunRestorecon(mountPoint, 
err=errMsg)
this works, no doubt about that, but why has not the parent directory (/rhgs) 
the right labelling in the first place?
Let me share on example of what I mean

On a pristine CentOS 7.2 box (which I have handy for experimenting):

KENji> 13:21:56 root [~]$ mkdir /rhgs
KENji> 13:22:00 root [~]$ ls -lhZd /rhgs
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /rhgs

So /rhgs has wrong context. And it is empty:
KENji> 13:22:05 root [~]$ ls -lh /rhgs
total 0

Let's fix the context of this root directory:
KENji> 13:22:46 root [~]$ semanage fcontext -a -t glusterd_brick_t /rhgs
KENji> 13:23:22 root [~]$ restorecon -Rv /rhgs/
restorecon reset /rhgs context 
unconfined_u:object_r:default_t:s0->unconfined_u:object_r:glusterd_brick_t:s0

Now, if we create any subfolder:
KENji> 13:23:31 root [~]$ mkdir /rhgs/brick1
KENji> 13:23:54 root [~]$ mkdir /rhgs/brick2
KENji> 13:23:54 root [~]$ ls -lh /rhgs
total 8.0K
drwxr-xr-x. 2 root root 4.0K Sep 20 13:23 brick1
drwxr-xr-x. 2 root root 4.0K Sep 20 13:23 brick2
KENji> 13:23:58 root [~]$ ls -lhZd /rhgs
drwxr-xr-x. root root unconfined_u:object_r:glusterd_brick_t:s0 /rhgs
KENji> 13:24:04 root [~]$ ls -lhZd /rhgs/*
drwxr-xr-x. root root unconfined_u:object_r:glusterd_brick_t:s0 /rhgs/brick1
drwxr-xr-x. root root unconfined_u:object_r:glusterd_brick_t:s0 /rhgs/brick2


Looks better, and it has the correct context since the beginning, no room for 
races.

Is that what you want? Please confirm. If so, fixing the context of the parent 
seems better; I'm pretty sure we can make one step even further and patch the 
selinux-policy package to make sure the /rhgs directory gets the right context 
when it is created, but I don't have the instructions handy now. Could be worth 
to just file a bug and depend on that.


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list -- vdsm-patches@lists.fedorahosted.org
To unsubscribe send an email to vdsm-patches-le...@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5:

Gluster has an selinux policy which expects the brick dirs to have specific 
selinux context/label set. Brick dirs are created as part of createBrick vdsm 
verb and we are trying to set selinux context on the newly created brick dirs. 
In case of gluster brick creation, user can choose any dir as brick mountpoint 
and create brick directory under the mount point. This is different from other 
cases where we always create dirs in a predefined path without any user 
intervention. 

So how can we ensure that correct labels are set on these newly created brick 
dirs?

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[fromani]

Francesco Romani has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5:

"selinux policy levels" -> I mean: shouldn't this be set with right permissions 
from the start, instead that be fixed later?
When we had this issue elsewhere in Vdsm, almost everytime turned out it was a 
bug in the selinux-policy package

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[fromani]

Francesco Romani has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5: Code-Review-1

-1 for visibility

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[fromani]

Francesco Romani has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5:

Isn't this something that must be handled at selinux policy levels?
To fix it afterwards is hacky and racy, is this our only option, or this is a 
temporary fix?

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Francesco Romani 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[sabose]

Sahina Bose has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5: Code-Review+1

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5: Verified+1

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[piotr . kliczewski]

Piotr Kliczewski has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5: Code-Review+1

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Piotr Kliczewski 
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[ybronhei]

Yaniv Bronhaim has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5: Code-Review+1

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[automation]

gerrit-hooks has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 5:

* #1368474::Update tracker: OK
* Check Bug-Url::OK
* Check Public Bug::#1368474::OK, public bug
* Check Product::#1368474::OK, Correct classification oVirt
* Check TM::SKIP, not in a monitored branch (ovirt-3.6 ovirt-4.0)
* Check merged to previous::IGNORE, Not in stable branch (['ovirt-3.6', 
'ovirt-4.0'])

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 5
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 4:

(1 comment)

https://gerrit.ovirt.org/#/c/62773/4/lib/vdsm/gluster/exception.py
File lib/vdsm/gluster/exception.py:

Line 481: 
Line 482: class GlusterHostFailedToSetSelinuxContext(GlusterHostException):
Line 483: code = 4420
Line 484: 
Line 485: def __init__(self, brickMountPoint=None, rc=0, out=(), err=()):
> actually it can't be done. Let me remove the default.
Looks like we need the default arguments because of an issue in python. 

see for more info on this. https://gerrit.ovirt.org/#/c/45001
Line 486: self.rc = rc
Line 487: self.out = out
Line 488: self.err = err
Line 489: self.message = "Failed to set selinux context on the brick : 
%s" \


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 4:

(1 comment)

https://gerrit.ovirt.org/#/c/62773/4/vdsm/gluster/storagedev.py
File vdsm/gluster/storagedev.py:

Line 331: 
Line 332: rc, out, err = commands.execCmd([_restoreconCommandPath.cmd,
Line 333: '-Rv', mountPoint])
Line 334: if rc:
Line 335: raise ge.GlusterHostFailedToRunRestorecon(mountPoint, rc, 
out, err)
> Isn't there a way to scan for the brick list ?
Only way is to scan through the mount points and if anything mounted on the 
bricks default mount point then consider that as brick. But it is not reliable 
since user can give any mount point while creating brick. In some cases user 
may have manually created these bricks and mounted manually. Also vdsm doesn't 
know the default brick mount point. It is maintained in engine config.
Line 336: 


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[ybronhei]

Yaniv Bronhaim has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 4:

(1 comment)

https://gerrit.ovirt.org/#/c/62773/4/vdsm/gluster/storagedev.py
File vdsm/gluster/storagedev.py:

Line 331: 
Line 332: rc, out, err = commands.execCmd([_restoreconCommandPath.cmd,
Line 333: '-Rv', mountPoint])
Line 334: if rc:
Line 335: raise ge.GlusterHostFailedToRunRestorecon(mountPoint, rc, 
out, err)
> this is not possible with gluster. We don't maintain the bricks list in vds
Isn't there a way to scan for the brick list ?
Line 336: 


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 4:

(4 comments)

https://gerrit.ovirt.org/#/c/62773/4/lib/vdsm/gluster/exception.py
File lib/vdsm/gluster/exception.py:

Line 481: 
Line 482: class GlusterHostFailedToSetSelinuxContext(GlusterHostException):
Line 483: code = 4420
Line 484: 
Line 485: def __init__(self, brickMountPoint=None, rc=0, out=(), err=()):
> why having default None? the print will be redundant when its None
actually it can't be done. Let me remove the default.
Line 486: self.rc = rc
Line 487: self.out = out
Line 488: self.err = err
Line 489: self.message = "Failed to set selinux context on the brick : 
%s" \


https://gerrit.ovirt.org/#/c/62773/4/vdsm/gluster/storagedev.py
File vdsm/gluster/storagedev.py:

Line 57: _semanageCommandPath = utils.CommandPath("semanage",
Line 58:  "/sbin/semanage",
Line 59:  "/usr/sbin/semanage",)
Line 60: _restoreconCommandPath = utils.CommandPath("restorecon",
Line 61:"/sbin/restorecon",
> in gluster/api.py you use selinux.restorecon . why here you don't use the s
Thank you for pointing it out. I can use the selinux package.
Line 62:"/usr/sbin/restorecon",)
Line 63: 
Line 64: # All size are in MiB unless otherwise specified
Line 65: DEFAULT_CHUNK_SIZE_KB = 256


Line 58:  "/sbin/semanage",
Line 59:  "/usr/sbin/semanage",)
Line 60: _restoreconCommandPath = utils.CommandPath("restorecon",
Line 61:"/sbin/restorecon",
Line 62:"/usr/sbin/restorecon",)
> we also have RESTORECON_PATH - maybe you can fix RESTORECON_PATH's paths an
not needed if I use the selinux package.
Line 63: 
Line 64: # All size are in MiB unless otherwise specified
Line 65: DEFAULT_CHUNK_SIZE_KB = 256
Line 66: DEFAULT_METADATA_SIZE_KB = 16777216


Line 331: 
Line 332: rc, out, err = commands.execCmd([_restoreconCommandPath.cmd,
Line 333: '-Rv', mountPoint])
Line 334: if rc:
Line 335: raise ge.GlusterHostFailedToRunRestorecon(mountPoint, rc, 
out, err)
> maybe this should be part of vdsm-tool configure sebool (configurators/sebo
this is not possible with gluster. We don't maintain the bricks list in vdsm. 
So if selinux was disabled while creating brick but enabled afterwards, then 
user may have to manually run these commands for all the bricks.
Line 336: 


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[ybronhei]

Yaniv Bronhaim has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 4:

(4 comments)

https://gerrit.ovirt.org/#/c/62773/4/lib/vdsm/gluster/exception.py
File lib/vdsm/gluster/exception.py:

Line 481: 
Line 482: class GlusterHostFailedToSetSelinuxContext(GlusterHostException):
Line 483: code = 4420
Line 484: 
Line 485: def __init__(self, brickMountPoint=None, rc=0, out=(), err=()):
why having default None? the print will be redundant when its None
Line 486: self.rc = rc
Line 487: self.out = out
Line 488: self.err = err
Line 489: self.message = "Failed to set selinux context on the brick : 
%s" \


https://gerrit.ovirt.org/#/c/62773/4/vdsm/gluster/storagedev.py
File vdsm/gluster/storagedev.py:

Line 57: _semanageCommandPath = utils.CommandPath("semanage",
Line 58:  "/sbin/semanage",
Line 59:  "/usr/sbin/semanage",)
Line 60: _restoreconCommandPath = utils.CommandPath("restorecon",
Line 61:"/sbin/restorecon",
in gluster/api.py you use selinux.restorecon . why here you don't use the 
selinux package?
Line 62:"/usr/sbin/restorecon",)
Line 63: 
Line 64: # All size are in MiB unless otherwise specified
Line 65: DEFAULT_CHUNK_SIZE_KB = 256


Line 58:  "/sbin/semanage",
Line 59:  "/usr/sbin/semanage",)
Line 60: _restoreconCommandPath = utils.CommandPath("restorecon",
Line 61:"/sbin/restorecon",
Line 62:"/usr/sbin/restorecon",)
we also have RESTORECON_PATH - maybe you can fix RESTORECON_PATH's paths and 
use it?
Line 63: 
Line 64: # All size are in MiB unless otherwise specified
Line 65: DEFAULT_CHUNK_SIZE_KB = 256
Line 66: DEFAULT_METADATA_SIZE_KB = 16777216


Line 331: 
Line 332: rc, out, err = commands.execCmd([_restoreconCommandPath.cmd,
Line 333: '-Rv', mountPoint])
Line 334: if rc:
Line 335: raise ge.GlusterHostFailedToRunRestorecon(mountPoint, rc, 
out, err)
maybe this should be part of vdsm-tool configure sebool 
(configurators/sebool.py) ? if selinux was disabled when this function was 
called but later turned to enabled - nothing will set the context. in vdsm 
documentation we should ask users to run vdsm-tool configure after changing 
selinux state
Line 336: 


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Dan Kenigsberg 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[sabose]

Sahina Bose has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 4: Code-Review+1

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: Yaniv Bronhaim 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 2:

(1 comment)

https://gerrit.ovirt.org/#/c/62773/2/vdsm/gluster/storagedev.py
File vdsm/gluster/storagedev.py:

Line 321: 
Line 322: rc, out, err = commands.execCmd([_restoreconCommandPath.cmd,
Line 323: '-Rv', mountPoint])
Line 324: if rc:
Line 325: raise ge.GlusterHostFailedToRunRestorecon(mountPoint, rc, 
out, err)
> Good point. Is there way to tell the user that selinux labels where not set
It will be anyway handled by the engine via exception handling. There will be 
specific error shown saying failed to set selinux labels on the brick. So I 
hope its ok.

Note: I moved this as the last step in latest patch set. Also it should be 
executed only when selinux is enabled(either enforcing or permissive).
Line 326: 
Line 327: # bz#1230495: lvm devices are invisible and appears only after 
vgscan
Line 328: # Workaround: Till the bz gets fixed, We use vgscan to refresh 
LVM devices
Line 329: rc, out, err = commands.execCmd([_vgscanCommandPath.cmd])


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[automation]

gerrit-hooks has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 4:

* #1368474::Update tracker: OK
* Check Bug-Url::OK
* Check Public Bug::#1368474::OK, public bug
* Check Product::#1368474::OK, Correct classification oVirt
* Check TM::SKIP, not in a monitored branch (ovirt-3.6 ovirt-4.0)
* Check merged to previous::IGNORE, Not in stable branch (['ovirt-3.6', 
'ovirt-4.0'])

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 4
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[automation]

gerrit-hooks has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 3:

* #1368474::Update tracker: OK
* Check Bug-Url::OK
* Check Public Bug::#1368474::OK, public bug
* Check Product::#1368474::OK, Correct classification oVirt
* Check TM::SKIP, not in a monitored branch (ovirt-3.6 ovirt-4.0)
* Check merged to previous::IGNORE, Not in stable branch (['ovirt-3.6', 
'ovirt-4.0'])

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 3
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 2:

(1 comment)

https://gerrit.ovirt.org/#/c/62773/2/vdsm/gluster/storagedev.py
File vdsm/gluster/storagedev.py:

Line 321: 
Line 322: rc, out, err = commands.execCmd([_restoreconCommandPath.cmd,
Line 323: '-Rv', mountPoint])
Line 324: if rc:
Line 325: raise ge.GlusterHostFailedToRunRestorecon(mountPoint, rc, 
out, err)
> should brick creation fail on failure to set selinux context?
Good point. Is there way to tell the user that selinux labels where not set 
correctly.
Note: at this stage, brick is created and mounted but the /etc/fstab entry and 
selinux labels are missing.
Line 326: 
Line 327: # bz#1230495: lvm devices are invisible and appears only after 
vgscan
Line 328: # Workaround: Till the bz gets fixed, We use vgscan to refresh 
LVM devices
Line 329: rc, out, err = commands.execCmd([_vgscanCommandPath.cmd])


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[sabose]

Sahina Bose has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 2:

(1 comment)

https://gerrit.ovirt.org/#/c/62773/2/vdsm/gluster/storagedev.py
File vdsm/gluster/storagedev.py:

Line 321: 
Line 322: rc, out, err = commands.execCmd([_restoreconCommandPath.cmd,
Line 323: '-Rv', mountPoint])
Line 324: if rc:
Line 325: raise ge.GlusterHostFailedToRunRestorecon(mountPoint, rc, 
out, err)
should brick creation fail on failure to set selinux context?
Line 326: 
Line 327: # bz#1230495: lvm devices are invisible and appears only after 
vgscan
Line 328: # Workaround: Till the bz gets fixed, We use vgscan to refresh 
LVM devices
Line 329: rc, out, err = commands.execCmd([_vgscanCommandPath.cmd])


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: Sahina Bose 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: Yes
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 2: Verified+1

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: Ramesh N 
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[automation]

gerrit-hooks has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 2:

* #1368474::Update tracker: OK
* Check Bug-Url::OK
* Check Public Bug::#1368474::OK, public bug
* Check Product::#1368474::OK, Correct classification oVirt
* Check TM::SKIP, not in a monitored branch (ovirt-3.6 ovirt-4.0)
* Check merged to previous::IGNORE, Not in stable branch (['ovirt-3.6', 
'ovirt-4.0'])

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 2
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[automation]

gerrit-hooks has posted comments on this change.

Change subject: gluster: set selinux labels while creating bricks
..


Patch Set 1:

* #1368474::Update tracker: OK
* Check Bug-Url::OK
* Check Public Bug::#1368474::OK, public bug
* Check Product::#1368474::OK, Correct classification oVirt
* Check TM::SKIP, not in a monitored branch (ovirt-3.6 ovirt-4.0)
* Check merged to previous::IGNORE, Not in stable branch (['ovirt-3.6', 
'ovirt-4.0'])

-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: comment
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
Gerrit-Reviewer: Jenkins CI
Gerrit-Reviewer: gerrit-hooks 
Gerrit-HasComments: No
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org

Change in vdsm[master]: gluster: set selinux labels while creating bricks

[rnachimu]

Ramesh N has uploaded a new change for review.

Change subject: gluster: set selinux labels while creating bricks
..

gluster: set selinux labels while creating bricks

brick should have correct selinux labels on the brick mount
points. But it missing in the createBrick vdsm verb.

This patch sets the correct selinux lables on brick mount
point using 'restorecon' and 'semanage' commands

Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Bug-Url: https://bugzilla.redhat.com/1368474
Signed-off-by: Ramesh Nachimuthu 
---
M lib/vdsm/gluster/exception.py
M vdsm/gluster/storagedev.py
2 files changed, 40 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.ovirt.org:29418/vdsm refs/changes/73/62773/1

diff --git a/lib/vdsm/gluster/exception.py b/lib/vdsm/gluster/exception.py
index 43ad1da..2fad69e 100644
--- a/lib/vdsm/gluster/exception.py
+++ b/lib/vdsm/gluster/exception.py
@@ -479,6 +479,28 @@
 message = "vgscan failed"
 
 
+class GlusterHostFailedToSetSelinuxContext(GlusterHostException):
+code = 4420
+
+def __init__(self, brickMountPoint=None, rc=0, out=(), err=()):
+self.rc = rc
+self.out = out
+self.err = err
+self.message = "Failed to set selinux context on the brick : %s" \
+   % (brickMountPoint)
+
+
+class GlusterHostFailedToRunRestorecon(GlusterHostException):
+code = 4421
+
+def __init__(self, brickMountPoint=None, rc=0, out=(), err=()):
+self.rc = rc
+self.out = out
+self.err = err
+self.message = "Failed to run restorecon on the brick : %s" \
+   % (brickMountPoint)
+
+
 # Hook
 class GlusterHookException(GlusterException):
 code = 4500
diff --git a/vdsm/gluster/storagedev.py b/vdsm/gluster/storagedev.py
index 4b56b3c..5ddbb6b 100644
--- a/vdsm/gluster/storagedev.py
+++ b/vdsm/gluster/storagedev.py
@@ -54,6 +54,12 @@
 _vgscanCommandPath = utils.CommandPath("vgscan",
"/sbin/vgscan",
"/usr/sbin/vgscan",)
+_semanageCommandPath = utils.CommandPath("semanage",
+ "/sbin/semanage",
+ "/usr/sbin/semanage",)
+_restoreconCommandPath = utils.CommandPath("restorecon",
+   "/sbin/restorecon",
+   "/usr/sbin/restorecon",)
 
 # All size are in MiB unless otherwise specified
 DEFAULT_CHUNK_SIZE_KB = 256
@@ -306,6 +312,18 @@
 thinlv.format.setup(mountpoint=mountPoint)
 blivetEnv.doIt()
 
+#Set correct selinux labels on the brick
+rc, out, err = commands.execCmd([_semanageCommandPath.cmd,
+ 'fcontext', '-a', '-t',
+ 'glusterd_brick_t', mountPoint])
+if rc:
+raise ge.GlusterHostFailedToSetSelinuxContext(mountPoint, rc, out, err)
+
+rc, out, err = commands.execCmd([_restoreconCommandPath.cmd,
+'-Rv', mountPoint])
+if rc:
+raise ge.GlusterHostFailedToRunRestorecon(mountPoint, rc, out, err)
+
 # bz#1230495: lvm devices are invisible and appears only after vgscan
 # Workaround: Till the bz gets fixed, We use vgscan to refresh LVM devices
 rc, out, err = commands.execCmd([_vgscanCommandPath.cmd])


-- 
To view, visit https://gerrit.ovirt.org/62773
To unsubscribe, visit https://gerrit.ovirt.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I1ca5fec80831073643635875095b88c1c4c2132e
Gerrit-PatchSet: 1
Gerrit-Project: vdsm
Gerrit-Branch: master
Gerrit-Owner: Ramesh N 
___
vdsm-patches mailing list
vdsm-patches@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/vdsm-patches@lists.fedorahosted.org