Hi,
I'm seeing some SElinux denials for ops to nvme devices. They only
occur at OSD start, they are not ongoing. I'm not sure it's causing
an issue though I did try a few tests with SElinux in permissive mode
to see if it made any difference with startup/recovery CPU loading we
have seen since update to Kraken (another thread). There doesn't seem
to be a noticeable difference in behaviour when we turn enforcing off
- our default state is with enforcing on and has been since the start
of our cluster.
Familiar to anyone? I can open a tracker issue if it isn't obviously
an issue on my end.
thanks,
Ben
---
type=AVC msg=audit(1487971555.994:39654): avc: denied { read } for
pid=470733 comm="ceph-osd" name="nvme0n1p13" dev="devtmpfs" ino=28742
scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file
type=AVC msg=audit(1487971555.994:39654): avc: denied { open } for
pid=470733 comm="ceph-osd" path="/dev/nvme0n1p13" dev="devtmpfs"
ino=28742 scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file
type=AVC msg=audit(1487971555.995:39655): avc: denied { getattr }
for pid=470733 comm="ceph-osd" path="/dev/nvme0n1p13" dev="devtmpfs"
ino=28742 scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file
type=AVC msg=audit(1487971555.995:39656): avc: denied { ioctl } for
pid=470733 comm="ceph-osd" path="/dev/nvme0n1p13" dev="devtmpfs"
ino=28742 scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file
type=AVC msg=audit(1487978131.752:40937): avc: denied { getattr }
for pid=528235 comm="fn_odsk_fstore" path="/dev/nvme0n1"
dev="devtmpfs" ino=16546 scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file
type=AVC msg=audit(1487978131.752:40938): avc: denied { read } for
pid=528235 comm="fn_odsk_fstore" name="nvme0n1p1" dev="devtmpfs"
ino=16549 scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file
type=AVC msg=audit(1487978131.752:40938): avc: denied { open } for
pid=528235 comm="fn_odsk_fstore" path="/dev/nvme0n1p1" dev="devtmpfs"
ino=16549 scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file
type=AVC msg=audit(1487978131.752:40939): avc: denied { ioctl } for
pid=528235 comm="fn_odsk_fstore" path="/devnvme0n1p1" dev="devtmpfs"
ino=16549 scontext=system_u:system_r:ceph_t:s0
tcontext=system_u:object_r:nvme_device_t:s0 tclass=blk_file
_______________________________________________
ceph-users mailing list
[email protected]
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
