Actions
Bug #42511
closedceph-daemon fails when selinux is enabled
Status:
Resolved
Priority:
High
Assignee:
-
Category:
Security
Target version:
-
% Done:
0%
Source:
Tags:
Backport:
Regression:
No
Severity:
3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:
Component(RADOS):
Pull request ID:
Crash signature (v1):
Crash signature (v2):
Description
if you setenforce 0, everything is great. otherwise, however, you get an error like
2019-10-28T03:21:10.741 INFO:tasks.workunit.client.0.smithi180.stderr:Error: relabel failed "/dev": SELinux relabeling of /dev is not allowed
when trying to start a container that passes through /dev. a minimal reproducer (with ceph-daemon):
- wget/curl ceph-daemon from master
- sudo ./ceph-daemon shell
With podman a minimal reproducer is
/bin/podman run -it --net=host --privileged -v /dev:/dev:z --entrypoint bash ceph/daemon-base
Actions