Bug 1690446 - /etc/hosts is mislabeled for selinux on the engine VM
Summary: /etc/hosts is mislabeled for selinux on the engine VM
Status: CLOSED CURRENTRELEASE
Alias: None
Product: ovirt-hosted-engine-setup
Classification: oVirt
Component: General
Version: 2.3.2
Hardware: Unspecified
OS: Unspecified
Priority: urgent
Severity: urgent
Target Milestone: ovirt-4.3.3
Target Release: ---
Assignee: Simone Tiraboschi
QA Contact: Nikolai Sednev
Reported: 2019-03-19 13:52 UTC by Simone Tiraboschi
Modified: 2019-04-16 13:58 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
/etc/hosts is mislabeled for selinux on the engine VM; fixing it.
Last Closed: 2019-04-16 13:58:24 UTC
oVirt Team: Integration
sbonazzo: ovirt-4.3?
sbonazzo: blocker?
sbonazzo: planning_ack?
sbonazzo: devel_ack+
sbonazzo: testing_ack?




Links
System ID Priority Status Summary Last Updated
Github oVirt ovirt-ansible-hosted-engine-setup pull 144 None None None 2019-03-19 14:20:28 UTC
Github oVirt ovirt-ansible-hosted-engine-setup pull 145 None None None 2019-03-20 12:01:47 UTC

Description Simone Tiraboschi 2019-03-19 13:52:06 UTC
Description of problem:
On a fresh deployment /etc/hosts on the engine VM is labelled as system_u:object_r:unconfined_t:s0 while it should be system_u:object_r:net_conf_t:s0

Version-Release number of selected component (if applicable):
4.3.2

How reproducible:
100%

Steps to Reproduce:
1. deploy hosted-engine
2. check the label of /etc/hosts on the engine VM
3.

Actual results:
system_u:object_r:unconfined_t:s0

Expected results:
system_u:object_r:net_conf_t:s0

Additional info:
Probably the best option is to force SELinux autorelabel for an entire file system, also injecting /.autorelabel, to be sure we are correctly labelling all the touched files.

Comment 1 Sandro Bonazzola 2019-03-20 08:44:46 UTC
Autorelabeling doesn't work because it introduces an additional reboot. Let's try with restorecon.

Comment 2 Nikolai Sednev 2019-04-02 15:19:37 UTC
nsednev-he-1 ~]# ls -Z /etc/hosts
-rw-r--r--. root root system_u:object_r:net_conf_t:s0  /etc/hosts

Works as expected on these components:
ovirt-hosted-engine-setup-2.3.7-1.el7ev.noarch
ovirt-hosted-engine-ha-2.3.1-1.el7ev.noarch
rhvm-appliance-4.3-20190328.1.el7.x86_64
Linux 3.10.0-957.10.1.el7.x86_64 #1 SMP Thu Feb 7 07:12:53 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 7.6 (Maipo)

Tested on RHEL hosts.

Moving to verified.
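
The label check from Comments 1 and 2, as an added example that is not part of the bug report or of the oVirt code: it compares a file's on-disk SELinux type with the policy default and names the `restorecon` call that would correct it without a reboot. It assumes `stat`, `matchpathcon` and `restorecon` (coreutils, libselinux-utils, policycoreutils) are installed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit SELinux file labels against the loaded policy's default.

# Print the type field (3rd colon-separated field) of a context such as
# system_u:object_r:net_conf_t:s0. An MLS range like s0:c1,c2 follows the type,
# so its extra colons do not affect the result. Non-context input prints nothing.
ctx_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# compare_ctx ACTUAL EXPECTED
# Returns 0 when the types match, 1 when they differ, 2 when either value is
# not a user:role:type[:range] string (e.g. "?" on a system without SELinux).
# Only the type is compared, which is also all restorecon changes unless -F is given.
compare_ctx() {
    a=$(ctx_type "$1")
    e=$(ctx_type "$2")
    [ -n "$a" ] && [ -n "$e" ] || return 2
    [ "$a" = "$e" ]
}

# audit_path PATH
# Reads the on-disk context with stat and the policy default with matchpathcon,
# then reports the result. Nothing is modified; the fix command is only printed.
audit_path() {
    actual=$(stat -c %C "$1" 2>/dev/null) || return 2
    expected=$(matchpathcon -n "$1" 2>/dev/null) || return 2
    compare_ctx "$actual" "$expected"
    case $? in
        0) echo "OK       $1 $actual" ;;
        1) echo "MISLABEL $1 actual=$actual expected=$expected"
           echo "         fix with: restorecon -v $1"
           return 1 ;;
        *) echo "UNKNOWN  $1 actual=$actual"
           return 2 ;;
    esac
}

# Audit every path given on the command line, e.g. /etc/hosts from this bug.
if [ "$#" -gt 0 ]; then
    rc=0
    for p in "$@"; do
        audit_path "$p" || rc=1
    done
    exit "$rc"
fi
```

Run as root on the engine VM with `/etc/hosts` as the argument; a non-zero exit status means at least one path is mislabeled or could not be checked.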

Comment 3 Sandro Bonazzola 2019-04-16 13:58:24 UTC
This bugzilla is included in oVirt 4.3.3 release, published on April 16th 2019.

Since the problem described in this bug report should be resolved in oVirt 4.3.3 release, it has been closed with a resolution of CURRENT RELEASE.

If the solution does not work for you, please open a new bug report.

