SELinux on a cluster
Tyler Durvik
phangbyte at gmail.com
Mon Mar 29 18:37:39 UTC 2010
Is anyone looking at improving the Policy Server that Josh Brindle
worked on a while back?
http://oss.tresys.com/projects/policy-server
On Fri, Mar 26, 2010 at 12:13 PM, Daniel J Walsh <dwalsh at redhat.com> wrote:
> On 03/26/2010 12:06 PM, Jan Kasprzak wrote:
>> Hello, SELinux list!
>>
>> is there anybody who uses SELinux on a cluster of computers? If so,
>> I have two questions:
>>
>> - how do you synchronize the policy between the nodes? (Especially when
>> there are local modifications and parts of a policy)? Can I
>> simply rsync /etc/selinux/policy/targeted from a host I have just
>> modified to the other node, and then run something (what?) to make
>> the changes visible on the other node as well?
>>
>>
> That should work, I would make sure the labels are correct running
> restorecon -R -v /etc/selinux/policy after you copy them over and then
> run load_policy.
>> - are SELinux file contexts in ext3/4 xattrs portable between
>> hosts?
> Yes if they run the same or relatively the same policy.
>> My cluster has a shared filesystem on top of drbd,
>> mounted on a primary node. Will it work also after a failover
>> to the secondary node (and remounting the FS there), or would
>> it be necessary to do a restorecon on that filesystem first?
>>
>>
> It should not be necessary to run restorecon. We have been working with
> the cluster guys to get SELinux to work with it. If you have any
> problems please ping me. Or open a bugzilla.
>> Thanks,
>>
>> -Yenya
>>
>>
>
> --
> selinux mailing list
> selinux at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/selinux
>
More information about the selinux
mailing list