On Wed, Oct 22, 2014 at 11:36:26AM -0700, Alex Wang wrote:
> Just out of curiosity,
>
> when I did 'systemctl list-units -t service --all', I could find the
> openvswitch.service entry.
>
> but I could not find the openvswitch.service file on my system.
>
> then I did 'systemctl -l status openvswitch.service', it showed
>
> Loaded: loaded (/etc/rc.d/init.d/openvswitch)
>
> seems to me that rhel7 parses the rc.d/ directory and automatically
> creates the service for openvswitch. am I right?

No, that's just a fall back for old sysv scripts. So, if you use
'systemctl' then it should use the old 'service' instead.

fbl

> Thanks,
> Alex Wang,
>
> On Wed, Oct 22, 2014 at 9:51 AM, Alex Wang <[email protected]> wrote:
>
> > On Wed, Oct 22, 2014 at 9:34 AM, Flavio Leitner <[email protected]> wrote:
> >
> >> On Wed, Oct 22, 2014 at 09:07:00AM -0700, Alex Wang wrote:
> >> > Thx for the reply Flavio,
> >> >
> >> > > Sorry, I was out for some days. Anyway as FYI, RHEL-7 and
> >> > > probably CentOS7 supports systemd, so we provide systemd service
> >> > > for openvswitch. Therefore, the sysv script isn't supported.
> >> > >
> >> >
> >> > Thanks for notify this, just searched around, from my understanding,
> >> > systemctl does not have subcommand for reloading the kernel module.
> >>
> >> You're correct. So far there is no such facility.
> >>
> >> > So, seems to me, the only way to reload kmod is to reboot machine...
> >> > And that way, the interface configurations are all lost.
> >> >
> >> > Do you know any workaround?
> >>
> >> Not that I know of. So, the idea behind the reload kmod is to
> >> re-create bridge and ports too?
> >>
> >
> > yes, the ovs-save (/usr/share/openvswitch/scripts/ovs-save) file is for
> > storing info like link state (Ethernet addresses, up/down, ...)
> >
> > this script is invoked during reload-kmod~
> >
> >> > > Have you run the script in permissive mode to see if fixing
> >> > > that is enough?
> >> > > I will try to reproduce in my end as well.
> >> >
> >> > Yeah, if we set selinux to permissive mode or I `semanage permissive -a
> >> > openvswith_t`... then I do not have the issue.
> >>
> >> Yeah, because then you are allowing everything. But my question was
> >> more if there are more avc denials after that problem. I mean, once
> >> you have fixed/skipped the first problem, likely there is a second one
> >> and so forth. No worries, I will check myself later on.
> >>
> >
> > Here are all the logs in one execution,
> >
> > type=AVC msg=audit(1413996278.049:152): avc: denied { getattr } for
> > pid=3970 comm="ovs-save" path="/usr/sbin/ip" dev="dm-1" ino=67244283
> > scontext=unconfined_u:system_r:openvswitch_t:s0
> > tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
> >
> > type=SYSCALL msg=audit(1413996278.049:152): arch=c000003e syscall=4
> > success=yes exit=0 a0=1d6c670 a1=7fff19957b40 a2=7fff19957b40 a3=0 items=0
> > ppid=3969 pid=3970 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 tty=pts0 ses=1 comm="ovs-save" exe="/usr/bin/bash"
> > subj=unconfined_u:system_r:openvswitch_t:s0 key=(null)
> >
> > type=AVC msg=audit(1413996278.049:153): avc: denied { execute } for
> > pid=3970 comm="ovs-save" name="ip" dev="dm-1" ino=67244283
> > scontext=unconfined_u:system_r:openvswitch_t:s0
> > tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
> >
> > type=SYSCALL msg=audit(1413996278.049:153): arch=c000003e syscall=21
> > success=yes exit=0 a0=1d6c670 a1=1 a2=7fff19957a70 a3=7fff19957900 items=0
> > ppid=3969 pid=3970 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 tty=pts0 ses=1 comm="ovs-save" exe="/usr/bin/bash"
> > subj=unconfined_u:system_r:openvswitch_t:s0 key=(null)
> >
> > type=AVC msg=audit(1413996278.049:154): avc: denied { read } for
> > pid=3970 comm="ovs-save" name="ip" dev="dm-1" ino=67244283
> > scontext=unconfined_u:system_r:openvswitch_t:s0
> > tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
> >
> > type=SYSCALL msg=audit(1413996278.049:154): arch=c000003e syscall=21
> > success=yes exit=0 a0=1d6c670 a1=4 a2=7fff19957a70 a3=7fff19957900 items=0
> > ppid=3969 pid=3970 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 tty=pts0 ses=1 comm="ovs-save" exe="/usr/bin/bash"
> > subj=unconfined_u:system_r:openvswitch_t:s0 key=(null)
> >
> > type=AVC msg=audit(1413996278.049:155): avc: denied { open } for
> > pid=3970 comm="ovs-save" path="/usr/sbin/ip" dev="dm-1" ino=67244283
> > scontext=unconfined_u:system_r:openvswitch_t:s0
> > tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
> >
> > type=AVC msg=audit(1413996278.049:155): avc: denied { execute_no_trans }
> > for pid=3970 comm="ovs-save" path="/usr/sbin/ip" dev="dm-1" ino=67244283
> > scontext=unconfined_u:system_r:openvswitch_t:s0
> > tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
> >
> > type=SYSCALL msg=audit(1413996278.049:155): arch=c000003e syscall=59
> > success=yes exit=0 a0=1d6c670 a1=1d7ba00 a2=1d6c930 a3=7fff19957a20 items=0
> > ppid=3969 pid=3970 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 tty=pts0 ses=1 comm="ip" exe="/usr/sbin/ip"
> > subj=unconfined_u:system_r:openvswitch_t:s0 key=(null)
> >
> >
> > Thanks again,
> >> fbl
> >>
> >>
> > Thanks,
> > Alex Wang,
> >
_______________________________________________
dev mailing list
[email protected]
http://openvswitch.org/mailman/listinfo/dev
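
Added example, not part of the original thread and not Open vSwitch code: a small Python parser that collapses the AVC denials quoted above into one reviewable line per (source type, target type, class), in the allow-rule form that `audit2allow` also prints. The function names are hypothetical, and the sample is three of the thread's records, abridged and left in their wrapped, quoted mail form.

```python
import re
from collections import defaultdict

# Three AVC records from the thread (abridged), still mail-wrapped and
# "> > "-quoted; the shortened SYSCALL line must be ignored by the parser.
SAMPLE = """\
> > type=AVC msg=audit(1413996278.049:152): avc: denied { getattr } for
> > pid=3970 comm="ovs-save" path="/usr/sbin/ip"
> > scontext=unconfined_u:system_r:openvswitch_t:s0
> > tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
> > type=SYSCALL msg=audit(1413996278.049:152): arch=c000003e syscall=4
> > type=AVC msg=audit(1413996278.049:153): avc: denied { execute } for
> > pid=3970 comm="ovs-save" name="ip"
> > scontext=unconfined_u:system_r:openvswitch_t:s0
> > tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
> > type=AVC msg=audit(1413996278.049:155): avc: denied { execute_no_trans }
> > for pid=3970 comm="ovs-save" path="/usr/sbin/ip"
> > scontext=unconfined_u:system_r:openvswitch_t:s0
> > tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
"""

AVC_RE = re.compile(
    r"type=AVC\b.*?avc:\s+denied\s+\{([^}]*)\}.*?"
    r"scontext=(\S+).*?tcontext=(\S+).*?tclass=(\w+)")

def unquote(mail_text):
    """Strip mail quote markers and rejoin wrapped records into one line."""
    lines = (re.sub(r"^[>\s]+", "", l) for l in mail_text.splitlines())
    return " ".join(l for l in lines if l)

def summarize(mail_text):
    """Map (source type, target type, class) -> set of denied permissions."""
    denials = defaultdict(set)
    for perms, scon, tcon, tclass in AVC_RE.findall(unquote(mail_text)):
        # An SELinux context is user:role:type:level; the type is field 3.
        key = (scon.split(":")[2], tcon.split(":")[2], tclass)
        denials[key].update(perms.split())
    return dict(denials)

def as_allow_rules(denials):
    """Render the denials in allow-rule form for policy review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(denials.items())]

if __name__ == "__main__":
    print("\n".join(as_allow_rules(summarize(SAMPLE))))
```

Every record in this run has the same source and target type, so the whole log reduces to a single line to review: `openvswitch_t` running the `ifconfig_exec_t`-labelled `/usr/sbin/ip` in its own domain.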
