From: Boris Ranto <branto@redhat.com>
To: Yehuda Sadeh-Weinraub <yehuda@redhat.com>
Cc: ceph-devel <ceph-devel@vger.kernel.org>
Subject: Re: teuthology SELinux failures
Date: Thu, 01 Jun 2017 17:33:53 +0200 [thread overview]
Message-ID: <1496331233.10067.1.camel@redhat.com> (raw)
In-Reply-To: <CADRKj5QHS+qeB3jLJf4y9LVtoZ9pZSxiswO=64eTgGQm6ScdJA@mail.gmail.com>
I did not check all of the failed tests but those that I checked
complained about dac_read_search. The dac_* family of capabilities
complains that root is trying to access a file that the standard
permissions does not allow him (root) to access (i.e. having 600 and
ceph/ceph user/group).
However, there is a lot of dac_* failures all throughout the system and
the target contexts are different for these files (i.e. there would
have to be a lot of files like that) so I am inclined to say that this
is a kernel bug. Especially considering that this does not present in
older/stock kernels where there already is a dac_override support.
Anyway, it should be safe to ignore these (not our processes, not our
files...)
Regards,
Boris
On Wed, 2017-05-31 at 13:23 -0700, Yehuda Sadeh-Weinraub wrote:
> We started seeing SELinux related failures in recent teuthology run,
> e.g.:
> http://pulpito.ceph.com/yehudasa-2017-05-30_14:55:10-rgw-wip-rgw-mdse
> arch---basic-smithi/
>
> It seems that it's unrelated to the runs themselves, possibly postfix
> that's running in the background is triggering these. Any idea what
> we
> should do there?
>
> Yehuda
next prev parent reply other threads:[~2017-06-01 15:33 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-05-31 20:23 teuthology SELinux failures Yehuda Sadeh-Weinraub
2017-05-31 21:12 ` John Spray
2017-06-06 13:26 ` John Spray
2017-06-06 13:55 ` Ilya Dryomov
2017-06-06 16:42 ` Vasu Kulkarni
2017-06-01 15:33 ` Boris Ranto [this message]
2017-06-01 16:15 ` Vasu Kulkarni
2017-06-01 16:39 ` John Spray
2017-06-01 16:50 ` Yuri Weinstein
2017-06-02 2:44 ` Nathan Cutler
2017-06-02 15:31 ` Yuri Weinstein
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1496331233.10067.1.camel@redhat.com \
--to=branto@redhat.com \
--cc=ceph-devel@vger.kernel.org \
--cc=yehuda@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.