Dan Kenigsberg has submitted this change and it was merged. Change subject: lvm: Do not use udev to set permissions on vdsm images ......................................................................
lvm: Do not use udev to set permissions on vdsm images udev has changed the rules recently, so setting USER, GROUP, or MODE will change also the selinux label behind your back. This issue caused vms to pause after extend, rendering thin provisioning disk useless. We had a temporary fix, applying a static selinux label on vdsm images, but this breaks libvirt security. This patch avoids this issue by not using udev to set any permissions, thus preserving the secure selinux labels set by libvirt. This patch replaces the following commits with a simpler and hopefully longer lasting fix which does not need any platform specific code. d8d6c17 gitignore: Ingore vdsm-lvm.rule.tpl 00fbc83 lvm: Modify lv selinux label only if not labablled as libvirt image b2268e4 spec: Enable lvm selinux fix for Fedora 75fc495 lvm: Set libvirt image selinux label on block devices backing vdsm images Change-Id: I57d9987bf0be19e6e233baaeea10877918eb849b Bug-Url: https://bugzilla.redhat.com/1149883 Relates-To: https://bugzilla.redhat.com/1147910 Signed-off-by: Nir Soffer <[email protected]> Reviewed-on: http://gerrit.ovirt.org/33875 Reviewed-by: Federico Simoncelli <[email protected]> --- M .gitignore M configure.ac M vdsm.spec.in M vdsm/storage/Makefile.am D vdsm/storage/vdsm-chcon.in R vdsm/storage/vdsm-lvm.rules.in 6 files changed, 9 insertions(+), 78 deletions(-) Approvals: Nir Soffer: Verified Federico Simoncelli: Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/33875 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: I57d9987bf0be19e6e233baaeea10877918eb849b Gerrit-PatchSet: 3 Gerrit-Project: vdsm Gerrit-Branch: master Gerrit-Owner: Nir Soffer <[email protected]> Gerrit-Reviewer: Adam Litke <[email protected]> Gerrit-Reviewer: Allon Mureinik <[email protected]> Gerrit-Reviewer: Dan Kenigsberg <[email protected]> Gerrit-Reviewer: Federico Simoncelli <[email protected]> Gerrit-Reviewer: Nir Soffer <[email protected]> Gerrit-Reviewer: [email protected] Gerrit-Reviewer: oVirt Jenkins CI Server _______________________________________________ vdsm-patches mailing list [email protected] https://lists.fedorahosted.org/mailman/listinfo/vdsm-patches
