Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-857

Lustre client tolerates enforced SELinux.

    XMLWordPrintable

Details

    • Improvement
    • Resolution: Fixed
    • Minor
    • Lustre 2.2.0, Lustre 2.1.3
    • Lustre 2.0.0, Lustre 2.1.0
    • None
    • 4843

    Description

      This issue impacts Lustre 2.x releases on RHEL 6. This is possible that the same issues exists with Lustre 1.x.

      The problem is that you cannot use a Lustre filesystem with SELinux enforced, even if your Lustre policies only apply to all other filesystems, but not Lustre!

      If you do so, accesses to Lustre directories will be denied in some cases. However, file accesses in the same directory are granted. There is no SELinux policy involved here. This kind of configuration is used in production on our Lustre 1.6/RHEL 5 systems without any issues.

      Here is a 2-line patch to have a common behavior on RHEL5/RHEL6.
      Note: It does not add a real SELinux support for Lustre but ables to activate it for all other local filesystems, without Lustre misbehaving.

      Steps to reproduce the issue:

      # setenforce Enforcing
# cd /mnt/lustre
# mkdir foo
# cd foo
# ls: Permission denied

      Attachments

        Issue Links

          Trackbacks

          [Confluence: Whamcloud Community Space] Changelog 2.1 Changes from version 2.1.2 to version 2.1.3 Server support for kernels: 2.6.18308.13.1.el5 (RHEL5) 2.6.32279.2.1.el6 (RHEL6) Client support for unpatched kernels: 2.6.18308.13.1.el5 (RHEL5) 2.6.32279.2.1....

          Activity

            People

              niu Niu Yawei (Inactive)
              adegremont Aurelien Degremont (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: