SELinux on a cluster
Is anyone looking at improving the Policy Server that Josh Brindle
worked on a while back?
On Fri, Mar 26, 2010 at 12:13 PM, Daniel J Walsh <firstname.lastname@example.org> wrote:
> On 03/26/2010 12:06 PM, Jan Kasprzak wrote:
>> * * * Hello, SELinux list!
>> is there anybody who uses SELinux on a cluster of computers? If so,
>> I have two questions:
>> - how do you synchronize the policy between the nodes? (Especially when
>> * * * there are local modifications and parts of a policy)? Can I
>> * * * simply rsync /etc/selinux/policy/targeted from a host I have just
>> * * * modified to the other node, and then run something (what?) to make
>> * * * the changes visible on the other node as well?
> That should work, *I would make sure the labels are correct running
> restorecon -R -v /etc/selinux/policy after you copy them over and then
> run load_policy.
>> - are SELinux file contexts in ext3/4 xattrs portable between
>> * * * hosts?
> Yes if they run the same or relatively the same policy.
>> * My cluster has a shared filesystem on top of drbd,
>> * * * mounted on a primary node. Will it work also after a failover
>> * * * to the secondary node (and remounting the FS there), or would
>> * * * it be necessary to do a restorecon on that filesystem first?
> It should not be necessary to run restorecon. We have been working with
> the cluster guys to get SELinux to work with it. *If you have any
> problems please ping me. *Or open a bugzilla.
>> * * * Thanks,
> selinux mailing list
selinux mailing list