mirror of
https://github.com/ceph/ceph
synced 2024-12-25 04:43:17 +00:00
8187235c91
This fixes the the following selinux error when using ceph-iscsi's rbd-target-api daemon (rbd-target-gw has the same issue). They are a result of the a python library, rtslib, which the daemons use. Additional Information: Source Context system_u:system_r:ceph_t:s0 Target Context system_u:object_r:configfs_t:s0 Target Objects /sys/kernel/config/target/iscsi/iqn.2003-01.com.re dhat:ceph-iscsi/tpgt_1/attrib/authentication [ file ] Source rbd-target-api Source Path /usr/libexec/platform-python3.6 Port <Unknown> Host ans8 Source RPM Packages platform-python-3.6.8-15.1.el8.x86_64 Target RPM Packages Policy RPM selinux-policy-3.14.3-20.el8.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name ans8 Platform Linux ans8 4.18.0-147.el8.x86_64 #1 SMP Thu Sep 26 15:52:44 UTC 2019 x86_64 x86_64 Alert Count 1 First Seen 2020-01-08 18:39:47 EST Last Seen 2020-01-08 18:39:47 EST Local ID 6f8c3415-7a50-4dc8-b3d2-2621e1d00ca3 Raw Audit Messages type=AVC msg=audit(1578526787.577:68): avc: denied { ioctl } for pid=995 comm="rbd-target-api" path="/sys/kernel/config/target/iscsi/iqn.2003-01.com.redhat:ceph-iscsi/tpgt_1/attrib/authentication" dev="configfs" ino=25703 ioctlcmd=0x5401 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:configfs_t:s0 tclass=file permissive=1 type=SYSCALL msg=audit(1578526787.577:68): arch=x86_64 syscall=ioctl success=no exit=ENOTTY a0=34 a1=5401 a2=7ffd4f8f1f60 a3=3052cd2d95839b96 items=0 ppid=1 pid=995 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm=rbd-target-api exe=/usr/libexec/platform-python3.6 subj=system_u:system_r:ceph_t:s0 key=(null) Hash: rbd-target-api,ceph_t,configfs_t,file,ioctl Signed-off-by: Mike Christie <mchristi@redhat.com> |
||
---|---|---|
.. | ||
.gitignore | ||
ceph.fc | ||
ceph.if | ||
ceph.te | ||
CMakeLists.txt |