03-26-2010, 03:06 PM
Jan Kasprzak

SELinux on a cluster

Hello, SELinux list!

is there anybody who uses SELinux on a cluster of computers? If so,
I have two questions:

- how do you synchronize the policy between the nodes? (Especially when
there are local modifications and parts of a policy)? Can I
simply rsync /etc/selinux/policy/targeted from a host I have just
modified to the other node, and then run something (what?) to make
the changes visible on the other node as well?

- are SELinux file contexts in ext3/4 xattrs portable between
hosts? My cluster has a shared filesystem on top of drbd,
mounted on a primary node. Will it work also after a failover
to the secondary node (and remounting the FS there), or would
it be necessary to do a restorecon on that filesystem first?


Thanks,

-Yenya

--
| Jan "Yenya" Kasprzak <kas at {fi.muni.cz - work | yenya.net - private}> |
| GPG: ID 1024/D3498839 Fingerprint 0D99A7FB206605D7 8B35FCDE05B18A5E |
| http://www.fi.muni.cz/~kas/ Journal: http://www.fi.muni.cz/~kas/blog/ |
Please don't top post and in particular don't attach entire digests to your
mail or we'll all soon be using bittorrent to read the list. --Alan Cox
--
selinux mailing list
selinux@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/selinux
 
03-26-2010, 03:13 PM
Daniel J Walsh

SELinux on a cluster

On 03/26/2010 12:06 PM, Jan Kasprzak wrote:
> Hello, SELinux list!
>
> is there anybody who uses SELinux on a cluster of computers? If so,
> I have two questions:
>
> - how do you synchronize the policy between the nodes? (Especially when
> there are local modifications and parts of a policy)? Can I
> simply rsync /etc/selinux/policy/targeted from a host I have just
> modified to the other node, and then run something (what?) to make
> the changes visible on the other node as well?
>
>
That should work. I would make sure the labels are correct by running
restorecon -R -v /etc/selinux/policy after you copy them over, and then
run load_policy.
> - are SELinux file contexts in ext3/4 xattrs portable between
> hosts?
Yes, if they run the same or relatively the same policy.
> My cluster has a shared filesystem on top of drbd,
> mounted on a primary node. Will it work also after a failover
> to the secondary node (and remounting the FS there), or would
> it be necessary to do a restorecon on that filesystem first?
>
>
It should not be necessary to run restorecon. We have been working with
the cluster guys to get SELinux to work with it. If you have any
problems please ping me. Or open a bugzilla.
> Thanks,
>
> -Yenya
>
>
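
The procedure from the reply above (copy the policy tree to the other node, run restorecon on it, then load_policy), as an added example that is not part of the original thread; it also compares a hash of the policy files on both nodes afterwards. The peer host name, the `DRY_RUN` switch, the function names and root SSH access to the peer are assumptions.

```shell
#!/usr/bin/env bash
# Added example: push a locally modified SELinux policy tree to a peer node,
# relabel it, reload it, and confirm both nodes hold identical policy files.
# The default below is the path written in the thread; stock Fedora keeps the
# targeted policy under /etc/selinux/targeted, so override POLICY_DIR as needed.
POLICY_DIR="${POLICY_DIR:-/etc/selinux/policy/targeted}"

# Pipeline that hashes every regular file (relative path + content) under ".".
FP_CMD='find . -type f -print0 | LC_ALL=C sort -z | xargs -0 -r sha256sum | sha256sum | cut -d" " -f1'

# Print one fingerprint for a local directory; non-zero status if it is missing.
policy_fingerprint() { ( cd "$1" && eval "$FP_CMD" ); }

# Same fingerprint, computed on the peer ($1 = host, $2 = directory).
remote_fingerprint() { ssh "$1" "cd '$2' && $FP_CMD"; }

# With DRY_RUN set, print each command instead of executing it.
run() { if [ -n "$DRY_RUN" ]; then printf '%s\n' "$*"; else "$@"; fi; }

# $1 = peer host (hypothetical name such as node2). Run as root on the node
# where the policy was modified.
sync_policy() {
    local peer=$1
    run rsync -a --delete "$POLICY_DIR/" "$peer:$POLICY_DIR/" || return 1
    # Steps from the reply: fix labels on the copied files, then reload policy.
    run ssh "$peer" "restorecon -R -v '$POLICY_DIR' && load_policy" || return 1
    if [ -n "$DRY_RUN" ]; then return 0; fi
    # Succeeds only when both nodes now hold byte-identical policy files.
    [ "$(policy_fingerprint "$POLICY_DIR")" = "$(remote_fingerprint "$peer" "$POLICY_DIR")" ]
}

if [ $# -gt 0 ]; then sync_policy "$1"; fi
```

Running it with `DRY_RUN=1` first prints the rsync and ssh commands without touching either node.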

 
03-29-2010, 06:37 PM
Tyler Durvik

SELinux on a cluster

Is anyone looking at improving the Policy Server that Josh Brindle
worked on a while back?

http://oss.tresys.com/projects/policy-server



On Fri, Mar 26, 2010 at 12:13 PM, Daniel J Walsh <dwalsh@redhat.com> wrote:
> On 03/26/2010 12:06 PM, Jan Kasprzak wrote:
>> Hello, SELinux list!
>>
>> is there anybody who uses SELinux on a cluster of computers? If so,
>> I have two questions:
>>
>> - how do you synchronize the policy between the nodes? (Especially when
>> there are local modifications and parts of a policy)? Can I
>> simply rsync /etc/selinux/policy/targeted from a host I have just
>> modified to the other node, and then run something (what?) to make
>> the changes visible on the other node as well?
>>
>>
> That should work, I would make sure the labels are correct running
> restorecon -R -v /etc/selinux/policy after you copy them over and then
> run load_policy.
>> - are SELinux file contexts in ext3/4 xattrs portable between
>> hosts?
> Yes if they run the same or relatively the same policy.
>> My cluster has a shared filesystem on top of drbd,
>> mounted on a primary node. Will it work also after a failover
>> to the secondary node (and remounting the FS there), or would
>> it be necessary to do a restorecon on that filesystem first?
>>
>>
> It should not be necessary to run restorecon. We have been working with
> the cluster guys to get SELinux to work with it. If you have any
> problems please ping me. Or open a bugzilla.
>> Thanks,
>>
>> -Yenya
>>
>>
 

All times are GMT.