[gpfsug-discuss] selinux context

Talamo Ivano Giuseppe (PSI) Ivano.Talamo at psi.ch
Fri May 22 08:47:45 BST 2020


Hi all,

I’m configuring a set of login nodes with home directories in GPFS (but not on /home), with SELinux in enforcing mode and auto creation of home directory (via PAM).
I’ve been able to partially achieve my target, by basically running the two following commands:

semanage fcontext -a -e /home /das/home
restorecon -v /das/home

After having done this on one node, the context on the directory is the expected one (system_u:object_r:home_root_t:s0). And everything works as expected (a new user logs in and his directory is created).
But on all the other nodes of the cluster the old context is still shown (system_u:object_r:unlabeled_t:s0), unless I run the restorecon on them too.

Furthermore, since the filesystem is a remote-cluster mount, on all the nodes on the central (storage) cluster, the correct (home_root_t) context is shown.

I was expecting the SELinux context to be stored in the inodes, but now the situation looks mixed and I’m puzzled.

In case it can help, the login nodes are RHEL 7.7 with Spectrum Scale 5.0.4. The storage is RHEL 7.6 with 5.0.3.

Does someone have any experience/idea?

Thanks,


__________________________________________
Paul Scherrer Institut 
Ivano Talamo
WHGA/038
Forschungsstrasse 111
5232 Villigen PSI
Schweiz

Telefon: +41 56 310 47 71
E-Mail: ivano.talamo at psi.ch 
 
 
 


