SELinux on a cluster
Daniel J Walsh
dwalsh at redhat.com
Fri Mar 26 16:13:15 UTC 2010
On 03/26/2010 12:06 PM, Jan Kasprzak wrote:
> Hello, SELinux list!
>
> is there anybody who uses SELinux on a cluster of computers? If so,
> I have two questions:
>
> - how do you synchronize the policy between the nodes? (Especially when
> there are local modifications and parts of a policy)? Can I
> simply rsync /etc/selinux/policy/targeted from a host I have just
> modified to the other node, and then run something (what?) to make
> the changes visible on the other node as well?
>
>
That should work, I would make sure the labels are correct running
restorecon -R -v /etc/selinux/policy after you copy them over and then
run load_policy.
> - are SELinux file contexts in ext3/4 xattrs portable between
> hosts?
Yes if they run the same or relatively the same policy.
> My cluster has a shared filesystem on top of drbd,
> mounted on a primary node. Will it work also after a failover
> to the secondary node (and remounting the FS there), or would
> it be necessary to do a restorecon on that filesystem first?
>
>
It should not be necessary to run restorecon. We have been working with
the cluster guys to get SELinux to work with it. If you have any
problems please ping me. Or open a bugzilla.
> Thanks,
>
> -Yenya
>
>
More information about the selinux
mailing list