15.4. Configuration Examples
15.4.1. Labeling Gluster Bricks
glusterd_brick_t, SELinux denies certain file access operations and generates various AVC messages.
/dev/rhgs/gluster, to be used as the Gluster brick.
Procedure 15.1. How to Label a Gluster Brick
- Create a directory to mount the previously formatted logical volume. For example:
- Mount the logical volume, in this case
/dev/vg-group/gluster, to the
/mnt/brick1/directory created in the previous step.
mount /dev/vg-group/gluster /mnt/brick1/Note that the
mountcommand mounts devices only temporarily. To mount the device permanently, add an entry similar as the following one to the
/dev/vg-group/gluster /mnt/brick1 xfs rw,inode64,noatime,nouuid 1 2For more information, see the fstab(5) manual page.
- Check the SELinux context of
ls -lZd /mnt/brick1/drwxr-xr-x. root root system_u:object_r:unlabeled_t:s0 /mnt/brick1/The directory is labeled with the
- Change the SELinux type of
semanage fcontext -a -t glusterd_brick_t "/mnt/brick1(/.*)?"
- Use the
restoreconutility to apply the changes:
restorecon -Rv /mnt/brick1
- Finally, verify that the context has been successfully changed:
ls -lZd /mnt/brick1drwxr-xr-x. root root system_u:object_r:glusterd_brick_t:s0 /mnt/brick1/