Bug #21672
Updated by Brad Hubbard over 6 years ago
This behaviour is due to the postinstall script for the ceph-selinux package.
<pre>
%post selinux
# backup file_contexts before update
. /etc/selinux/config
FILE_CONTEXT=/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts
cp ${FILE_CONTEXT} ${FILE_CONTEXT}.pre
# Install the policy
/usr/sbin/semodule -i %{_datadir}/selinux/packages/ceph.pp
# Load the policy if SELinux is enabled
if ! /usr/sbin/selinuxenabled; then
# Do not relabel if selinux is not enabled
exit 0
fi
if diff ${FILE_CONTEXT} ${FILE_CONTEXT}.pre > /dev/null 2>&1; then
# Do not relabel if file contexts did not change
exit 0
fi
# Check whether the daemons are running
/usr/bin/systemctl status ceph.target > /dev/null 2>&1
STATUS=$?
# Stop the daemons if they were running
if test $STATUS -eq 0; then
/usr/bin/systemctl stop ceph.target > /dev/null 2>&1
fi
# Now, relabel the files
/usr/sbin/fixfiles -C ${FILE_CONTEXT}.pre restore 2> /dev/null
rm -f ${FILE_CONTEXT}.pre
# The fixfiles command won't fix label for /var/run/ceph
/usr/sbin/restorecon -R /var/run/ceph > /dev/null 2>&1
# Start the daemons iff they were running before
if test $STATUS -eq 0; then
/usr/bin/systemctl start ceph.target > /dev/null 2>&1 || :
fi
exit 0
</pre>
So the prerequisites for this to occur are that selinux is enabled *and* the file context is changed by the upgraded ceph-selinux package.
Note that the postuninstall script also has the potential to restart the daemons.
See https://www.spinics.net/lists/ceph-users/msg38852.html for more information.