Hey Flavio,

We found that when SELinux is set to 'enforcing' on RHEL7/CentOS7,
the init.d script command 'force-reload-kmod' does not work properly,
as shown below:

[root@ovs_team_rhel7]# /etc/init.d/openvswitch force-reload-kmod

Detected internal interfaces:  [  OK  ]
Saving flows [  OK  ]
Killing ovsdb-server (11131) [  OK  ]
Starting ovsdb-server [  OK  ]
Configuring Open vSwitch system IDs [  OK  ]
Killing ovs-vswitchd (11146) [  OK  ]
*Saving interface configuration /usr/share/openvswitch/scripts/ovs-save: ip not found in /sbin:/usr/sbin:/bin:/usr/bin*
*[FAILED]*
*Failed to save configuration, not replacing kernel module ... (warning).*
Starting ovs-vswitchd [  OK  ]
Enabling remote OVSDB managers [  OK  ]


The reason seems to be that domain openvswitch_t does not have the right
to access /usr/sbin/ => that's why ovs-save reports 'ip not found'

We are using the latest selinux-policy:
http://rpmfind.net//linux/RPM/centos/updates/7.0.1406/x86_64/Packages/selinux-policy-3.12.1-153.el7_0.11.noarch.html

We are using kernel: 3.10.0-123.8.1.el7.x86_64

I checked the selinux-policy-doc, it should support openvswitch running
shell long ago...

* Fri Apr 05 2013 Miroslav Grepl <mgr...@redhat.com> 3.12.1-26
  - Try to label on controlC devices up to 30 correctly
......

  - Allow openvswitch to execute shell


So, could you help us check and maybe try if you could reproduce it
yourself?

Thanks,
Alex Wang,
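
Added example, not part of the original message: one way to check the hypothesis above is to summarize the AVC denials whose source domain is openvswitch_t. The log lines are constructed samples in audit.log format (not taken from the reporter's host, target types are illustrative), and denials_for_domain is a hypothetical helper name.

```python
import re
from collections import Counter

# Constructed sample records in audit.log format; NOT from the reporter's host.
# The target types shown are illustrative, not a diagnosis of the report.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1414000000.101:501): avc:  denied  { getattr } for  pid=11201 comm="ovs-save" path="/usr/sbin/ip" dev="dm-0" ino=1001 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=AVC msg=audit(1414000000.102:502): avc:  denied  { execute } for  pid=11201 comm="ovs-save" name="ip" dev="dm-0" ino=1001 scontext=system_u:system_r:openvswitch_t:s0 tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=AVC msg=audit(1414000000.200:503): avc:  denied  { read } for  pid=900 comm="httpd" name="x" dev="dm-0" ino=7 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:user_home_t:s0 tclass=file
type=SYSCALL msg=audit(1414000000.102:502): arch=c000003e syscall=59 success=no exit=-13 comm="ovs-save"
"""

# Fields of interest in an AVC denial: permissions, command, source and
# target security contexts, and the object class.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]*)".*?'
    r'scontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)


def context_type(ctx):
    """Return the type field of a user:role:type:level security context."""
    parts = ctx.split(":")
    return parts[2] if len(parts) >= 3 else ctx


def denials_for_domain(log_text, domain):
    """Count denials by (comm, permission, target type, class) for one source domain."""
    counts = Counter()
    for line in log_text.splitlines():
        if not line.startswith("type=AVC"):
            continue  # skip SYSCALL, PATH and other record types
        m = AVC_RE.search(line)
        if not m or context_type(m["scontext"]) != domain:
            continue
        for perm in m["perms"].split():
            key = (m["comm"], perm, context_type(m["tcontext"]), m["tclass"])
            counts[key] += 1
    return counts


if __name__ == "__main__":
    summary = denials_for_domain(SAMPLE_AUDIT_LOG, "openvswitch_t")
    for (comm, perm, ttype, tclass), n in sorted(summary.items()):
        print(f"{n}x comm={comm} denied {perm} on {ttype}:{tclass}")
```

On a real host the input would be the contents of /var/log/audit/audit.log captured while running force-reload-kmod; an empty result for openvswitch_t would point away from a policy denial.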