From: Vasu Kulkarni <vakulkar@redhat.com>
To: Boris Ranto <branto@redhat.com>
Cc: Yehuda Sadeh-Weinraub <yehuda@redhat.com>,
	ceph-devel <ceph-devel@vger.kernel.org>
Subject: Re: teuthology SELinux failures
Date: Thu, 1 Jun 2017 09:15:58 -0700
Message-ID: <CAKPXa=Ydy_KAoFaUrnMPWA51S_D3snjPPfAtGW5oE=omi41ENg@mail.gmail.com>
In-Reply-To: <1496331233.10067.1.camel@redhat.com>

I believe the nodes are pretty much messed up with various kernel
versions; ideally we should not be seeing this on a distro kernel (as per
Boris's comment), so probably we should just schedule kernel client tests
on vps so that the smithis and miras have only the latest distro kernels
for other suites for correct testing.

Also it would be nice to automatically reimage the nodes back to
distro once in a week.

On Thu, Jun 1, 2017 at 8:33 AM, Boris Ranto <branto@redhat.com> wrote:
> I did not check all of the failed tests but those that I checked
> complained about dac_read_search. The dac_* family of capabilities
> complains that root is trying to access a file that the standard
> permissions do not allow him (root) to access (i.e. having 600 and
> ceph/ceph user/group).
>
> However, there are a lot of dac_* failures all throughout the system and
> the target contexts are different for these files (i.e. there would
> have to be a lot of files like that) so I am inclined to say that this
> is a kernel bug. Especially considering that this does not present in
> older/stock kernels where there already is dac_override support.
>
> Anyway, it should be safe to ignore these (not our processes, not our
> files...)
>
> Regards,
> Boris
>
>
> On Wed, 2017-05-31 at 13:23 -0700, Yehuda Sadeh-Weinraub wrote:
>> We started seeing SELinux-related failures in a recent teuthology run,
>> e.g.:
>> http://pulpito.ceph.com/yehudasa-2017-05-30_14:55:10-rgw-wip-rgw-mdsearch---basic-smithi/
>>
>> It seems that it's unrelated to the runs themselves, possibly postfix
>> that's running in the background is triggering these. Any idea what we
>> should do there?
>>
>> Yehuda

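The triage described in the thread (dac_* capability denials from other domains versus denials raised by Ceph's own processes), as an added example that is not part of the original messages or of teuthology. The log lines are constructed, and the assumption that Ceph domains start with "ceph" (as in ceph_t) is labelled in the code.

```python
import re
from collections import Counter

# Constructed sample audit.log lines (not taken from the teuthology runs).
SAMPLE_LOG = """\
type=AVC msg=audit(1496246400.101:311): avc:  denied  { dac_read_search } for  pid=2101 comm="master" capability=2  scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1496246400.207:312): avc:  denied  { dac_override } for  pid=2130 comm="pickup" capability=1  scontext=system_u:system_r:postfix_pickup_t:s0 tcontext=system_u:system_r:postfix_pickup_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1496246401.004:313): avc:  denied  { dac_read_search } for  pid=2101 comm="master" capability=2  scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=capability permissive=1
type=AVC msg=audit(1496246402.550:314): avc:  denied  { read } for  pid=3310 comm="ceph-osd" name="keyring" dev="sda1" ino=9921 scontext=system_u:system_r:ceph_t:s0 tcontext=system_u:object_r:var_lib_t:s0 tclass=file permissive=1
type=SYSCALL msg=audit(1496246402.550:314): arch=c000003e syscall=2 success=yes exit=3 comm="ceph-osd"
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{ (?P<perms>[^}]+) \}.*?comm="(?P<comm>[^"]+)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)')


def parse_denials(log_text):
    """Yield one dict per AVC denial; other audit record types are skipped."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if m:
            d = m.groupdict()
            d["perms"] = d["perms"].split()
            d["domain"] = d["scontext"].split(":")[2]  # SELinux type of the process
            yield d


def triage(log_text, our_prefix="ceph"):
    """Return (dac_* capability denial counts from other domains, our denials).

    our_prefix is an assumption: process domains we own start with "ceph".
    Denials from other domains that are not dac_* capabilities are ignored.
    """
    foreign_dac, ours = Counter(), []
    for d in parse_denials(log_text):
        if d["domain"].startswith(our_prefix):
            ours.append(d)  # our process: needs a real look
        elif d["tclass"] == "capability":
            for p in d["perms"]:
                if p.startswith("dac_"):
                    foreign_dac[(d["domain"], p)] += 1
    return foreign_dac, ours


if __name__ == "__main__":
    noise, ours = triage(SAMPLE_LOG)
    for (domain, perm), n in sorted(noise.items()):
        print(f"{n:3d}  {domain}  {perm}")
    print("denials from our domains:", [(d["comm"], d["perms"]) for d in ours])
```
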