This fixes the selinux errors like this for /etc/target
-----------------------------------
Additional Information:
Source Context system_u:system_r:ceph_t:s0
Target Context system_u:object_r:targetd_etc_rw_t:s0
Target Objects target [ dir ]
Source rbd-target-api
Source Path rbd-target-api
Port <Unknown>
Host ans8
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.14.3-20.el8.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name ans8
Platform Linux ans8 4.18.0-147.el8.x86_64 #1 SMP
Thu Sep 26
15:52:44 UTC 2019 x86_64 x86_64
Alert Count 1
First Seen 2020-01-08 18:39:48 EST
Last Seen 2020-01-08 18:39:48 EST
Local ID 9a13ee18-eaf2-4f2a-872f-2809ee4928f6
Raw Audit Messages
type=AVC msg=audit(1578526788.148:69): avc: denied { search } for
pid=995 comm="rbd-target-api" name="target" dev="sda1" ino=52198
scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:targetd_etc_rw_t:s0 tclass=dir permissive=1
Hash: rbd-target-api,ceph_t,targetd_etc_rw_t,dir,search
which are a result of the rtslib library the ceph-iscsi daemons use
accessing /etc/target to read/write a file which stores meta data the
target uses.
Signed-off-by: Mike Christie <mchristi@redhat.com>
This fixes the the following selinux error when using ceph-iscsi's
rbd-target-api daemon (rbd-target-gw has the same issue). They are
a result of the a python library, rtslib, which the daemons use.
Additional Information:
Source Context system_u:system_r:ceph_t:s0
Target Context system_u:object_r:configfs_t:s0
Target Objects
/sys/kernel/config/target/iscsi/iqn.2003-01.com.re
dhat:ceph-iscsi/tpgt_1/attrib/authentication
[
file ]
Source rbd-target-api
Source Path /usr/libexec/platform-python3.6
Port <Unknown>
Host ans8
Source RPM Packages platform-python-3.6.8-15.1.el8.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.14.3-20.el8.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name ans8
Platform Linux ans8 4.18.0-147.el8.x86_64 #1 SMP
Thu Sep 26
15:52:44 UTC 2019 x86_64 x86_64
Alert Count 1
First Seen 2020-01-08 18:39:47 EST
Last Seen 2020-01-08 18:39:47 EST
Local ID 6f8c3415-7a50-4dc8-b3d2-2621e1d00ca3
Raw Audit Messages
type=AVC msg=audit(1578526787.577:68): avc: denied { ioctl } for
pid=995 comm="rbd-target-api"
path="/sys/kernel/config/target/iscsi/iqn.2003-01.com.redhat:ceph-iscsi/tpgt_1/attrib/authentication"
dev="configfs" ino=25703 ioctlcmd=0x5401
scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:configfs_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1578526787.577:68): arch=x86_64 syscall=ioctl
success=no exit=ENOTTY a0=34 a1=5401 a2=7ffd4f8f1f60 a3=3052cd2d95839b96
items=0 ppid=1 pid=995 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0
egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rbd-target-api
exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:ceph_t:s0
key=(null)
Hash: rbd-target-api,ceph_t,configfs_t,file,ioctl
Signed-off-by: Mike Christie <mchristi@redhat.com>
Fixes:
```
Traceback (most recent call last):
File "./cephadm", line 4494, in <module>
r = args.func()
File "./cephadm", line 1077, in _infer_fsid
return func()
File "./cephadm", line 1103, in _infer_image
return func()
File "./cephadm", line 2813, in command_ceph_volume
l = FileLock(args.fsid)
File "./cephadm", line 560, in __init__
self._lock_file = os.path.join(LOCK_DIR, name + '.lock')
TypeError: unsupported operand type(s) for +: 'NoneType' and 'str'
```
Signed-off-by: Sebastian Wagner <sebastian.wagner@suse.com>
ceph-fuse: link to libfuse3 and pass `-o big_writes` to libfuse if libfuse < 3.0.0
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Reviewed-by: Kefu Chai <kchai@redhat.com>
both queues share the same code base, however, cls_2pc_queue should work
even if cls_queue objectclass is not loaded into the osd
Signed-off-by: Yuval Lifshitz <ylifshit@redhat.com>
Clang complains:
src/rgw/rgw_bucket_sync_cache.h:88:3: error: exception specification of explicitly defaulted copy co
nstructor does not match the calculated one
Handle(const Handle&) noexcept = default;
^
1 error generated.
And a reference that I found for this:
https://github.com/mapnik/mapnik/issues/3274
Suggesting that the noexcept is inherited from the first definition.
Signed-off-by: Willem Jan Withagen <wjw@digiware.nl>