On 03/26/2010 12:06 PM, Jan Kasprzak wrote:
Hello, SELinux list!
is there anybody who uses SELinux on a cluster of computers? If so,
I have two questions:
- how do you synchronize the policy between the nodes? (Especially when
there are local modifications and parts of a policy)? Can I
simply rsync /etc/selinux/policy/targeted from a host I have just
modified to the other node, and then run something (what?) to make
the changes visible on the other node as well?
That should work, I would make sure the labels are correct running
restorecon -R -v /etc/selinux/policy after you copy them over and then
run load_policy.
- are SELinux file contexts in ext3/4 xattrs portable between
hosts?
Yes if they run the same or relatively the same policy.
My cluster has a shared filesystem on top of drbd,
mounted on a primary node. Will it work also after a failover
to the secondary node (and remounting the FS there), or would
it be necessary to do a restorecon on that filesystem first?
It should not be necessary to run restorecon. We have been working with
the cluster guys to get SELinux to work with it. If you have any
problems please ping me. Or open a bugzilla.
Thanks,
-Yenya