On Thu, Jun 6, 2019 at 10:30 AM lejeczek peljasz@yahoo.co.uk wrote:
hi everyone
I have this:
virt_use_fusefs --> on
virt_use_glusterd --> on
on centos 7.6 with selinux-policy-3.13.1-229.el7_6.12.noarch.
When I tell pacemaker to start a virt guest resource with xml config off a fuse mounted gluster vol I get a denial and audit2allow sees:
allow virsh_t fusefs_t:dir search;
Should the above boolean be all I (pacemaker) need, or am I missing something?
Hm, there seems to be an inconsistency among the virt_use_*fs booleans. On current Fedora Rawhide:
$ sesearch -A -b virt_use_fusefs | cut -f 2 -d ' ' | uniq
virt_domain
$ sesearch -A -b virt_use_nfs | cut -f 2 -d ' ' | uniq
fsdaemon_t
svirt_sandbox_domain
virsh_t
virt_domain
virtlogd_t
So, the "virt" in virt_use_nfs has a much wider meaning than the "virt" in virt_use_fusefs... @Zdenek/Lukas, should we consolidate this?
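The comparison made in the reply above, as an added example that is not part of the original thread: it lists the source domains that one boolean's rules cover and the other's do not, which is where virsh_t shows up as missing from virt_use_fusefs. The function names and the sample rules (including their permission sets) are constructed for illustration; only the domain names come from the output quoted above.

```shell
#!/bin/sh
# Added example: compare which source domains two SELinux booleans cover.
# Input is text in the form printed by `sesearch -A -b <boolean>`.

# Print the unique source types of the allow rules read from stdin
# (same field that `cut -f 2 -d ' '` picks in the thread).
src_domains() {
    awk '$1 == "allow" { print $2 }' | sort -u
}

# Print source domains present in rule set $1 but absent from rule set $2.
only_in_first() {
    first=$(printf '%s\n' "$1" | src_domains)
    second=$(printf '%s\n' "$2" | src_domains)
    for d in $first; do
        printf '%s\n' "$second" | grep -qxF "$d" || printf '%s\n' "$d"
    done
}

# Constructed sample rules: domains as listed in the reply, permissions invented.
NFS_RULES='allow fsdaemon_t nfs_t:dir { getattr open read search }; [ virt_use_nfs ]:True
allow svirt_sandbox_domain nfs_t:dir { getattr open read search }; [ virt_use_nfs ]:True
allow virsh_t nfs_t:dir { getattr open read search }; [ virt_use_nfs ]:True
allow virsh_t nfs_t:file { getattr open read }; [ virt_use_nfs ]:True
allow virt_domain nfs_t:dir { getattr open read search }; [ virt_use_nfs ]:True
allow virtlogd_t nfs_t:dir { getattr open read search }; [ virt_use_nfs ]:True'
FUSE_RULES='allow virt_domain fusefs_t:dir { getattr open read search }; [ virt_use_fusefs ]:True
allow virt_domain fusefs_t:file { getattr open read }; [ virt_use_fusefs ]:True'

# With setools installed, use live policy output instead of the samples:
#   NFS_RULES=$(sesearch -A -b virt_use_nfs)
#   FUSE_RULES=$(sesearch -A -b virt_use_fusefs)

# Domains that virt_use_nfs covers but virt_use_fusefs does not.
only_in_first "$NFS_RULES" "$FUSE_RULES"
```

A domain printed here that also appears as the source of an AVC denial on a fusefs_t object is not granted that access by enabling virt_use_fusefs on the policy being inspected.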