Hi All, I have been testing EL8 + NFS Ganesha 3 (from CentOS Storage SIG) and Gluster v8 (tested both Storage SIG rpms and built from source ) and I have noticed a bug in the SELINUX policy causing the system to fail to boot after the node is fenced until a kernel parameter 'enforcing=0' is passed. The reason seems to be the link "/var/lib/nfs" pointing to the shared storage.When the cluster software is stopped gracefully, no issues are observed,as the nfs_setup resource restores /var/lib/nfs . Should I open a bug to bugzilla.redhat.com or it's specific to CentOS only ? More details: [root at glustere ~]# rpm -qa | grep ganesha | sort centos-release-nfs-ganesha30-1.0-2.el8.noarch glusterfs-ganesha-8.2-0.5.git77eb5e838.el8.x86_64 nfs-ganesha-3.3-2.el8.x86_64 nfs-ganesha-gluster-3.3-2.el8.x86_64 nfs-ganesha-selinux-3.3-2.el8.noarch [root at glustere ~]# dmesg | grep -e type=1300 -e type=1400 [ 14.414782] audit: type=1400 audit(1605994499.985:3): avc: denied { getattr } for pid=1 comm="systemd" path="/var/lib/nfs" dev="dm-0" ino=33596932 scontext=system_u:system_r:init_t:s0 tcontext=system_u:object_r:var_lib_nfs_t:s0 tclass=lnk_file permissive=1 [root at glustere ~]# dmesg | grep -e type=1300 -e type=1400 | audit2allow -M my-systemd ******************** IMPORTANT *********************** To make this policy package active, execute: semodule -i my-systemd.pp [root at glustere ~]# cat my-systemd.te module my-systemd 1.0; require { type var_lib_nfs_t; type init_t; class lnk_file getattr; } #============= init_t ============== allow init_t var_lib_nfs_t:lnk_file getattr; Best Regards, Strahil Nikolov