Hi Michael,

I guess your problem shows SELinux works just fine on Lustre :)

The SELinux policy enforced on your CentOS client does not allow the Apache server 
to access files that have the ‘system_u:object_r:unlabeled_t:s0’ security 
context.
To see the SELinux denial messages please make sure you issue this command:
# semanage dontaudit off
Messages should be written to /var/log/audit/audit.log.

Regards,
Sebastien.

> On 1 Dec 2016, at 22:10, Michael Watters <watte...@watters.ws> wrote:
> 
> Hello,
> 
> I have a lustre client running CentOS 7.2 with lustre 2.8 which is having 
> issues accessing files on the lustre mount from Apache. There are no AVC 
> denials shown in the logs however Apache does show an error in the logs as 
> follows.
> 
> > AH00035: access to /repos/centos2/index.html denied (filesystem path 
> > '/var/www/html/repos/centos2/index.html') because search permissions are 
> > missing on a component of the path
> 
> I checked file permissions and they are fine.  SELinux context is set to 
> unlabeled_t as shown by ls -lZ.
> 
> [root@srv1 pub]# ls -lZ
> drwxrwxr-x. mirrmaid mirrmaid system_u:object_r:unlabeled_t:s0 centos
> 
> I attempted to chcon the files to allow apache access however that also 
> errors out.
> 
> [root@srv1 pub]# chcon -v r:httpd_sys_content_t:s0  centos/
> changing security context of ‘centos/’
> chcon: failed to change context of ‘centos/’ to ‘r:httpd_sys_content_t:s0’: 
> Invalid argument
> 
> Does Lustre 2.8 support SELinux or should I simply turn SELinux off?  Is 
> there a way to make SELinux labels work properly?
> 
> 
> 
> _______________________________________________
> lustre-discuss mailing list
> lustre-discuss@lists.lustre.org
> http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
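
Added example, not part of the original thread: once `semanage dontaudit off` makes the denials visible in /var/log/audit/audit.log, a short parser like this one groups AVC denials whose target context is `unlabeled_t` by process, source domain, object class and permission. The log lines are constructed samples, and the function names (`parse_avc`, `context_type`, `summarize`) are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in audit.log format (not taken from the thread).
SAMPLE_LOG = [
    'type=AVC msg=audit(1480626600.101:411): avc:  denied  { search } for  pid=2101 comm="httpd" name="centos" dev="lustre" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir',
    'type=SYSCALL msg=audit(1480626600.101:411): arch=c000003e syscall=4 success=no exit=-13 comm="httpd"',
    'type=AVC msg=audit(1480626601.202:412): avc:  denied  { search } for  pid=2102 comm="httpd" name="centos" dev="lustre" ino=1001 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir',
    'type=AVC msg=audit(1480626602.303:413): avc:  denied  { getattr } for  pid=2102 comm="httpd" path="/var/www/html/repos/index.html" dev="lustre" ino=1002 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=file',
    'type=AVC msg=audit(1480626603.404:414): avc:  denied  { read open } for  pid=2200 comm="sshd" name="notes" dev="dm-0" ino=77 scontext=system_u:system_r:sshd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file',
]

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+denied\s+'
    r'\{ (?P<perms>[^}]+) \} for\s+(?P<rest>.*)'
)
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return a dict of fields for an AVC denial line, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    fields['perms'] = m.group('perms').split()
    fields['serial'] = int(m.group('serial'))
    return fields


def context_type(ctx):
    """Extract the type from a user:role:type:level security context."""
    parts = ctx.split(':')
    return parts[2] if len(parts) >= 3 else ctx


def summarize(lines, target_type='unlabeled_t'):
    """Count denials against objects of target_type, keyed by (comm, domain, class, perm)."""
    counts = Counter()
    for line in lines:
        rec = parse_avc(line)
        if rec is None or context_type(rec.get('tcontext', '')) != target_type:
            continue
        for perm in rec['perms']:
            key = (rec.get('comm'), context_type(rec.get('scontext', '')), rec.get('tclass'), perm)
            counts[key] += 1
    return counts


if __name__ == '__main__':
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(n, *key)
```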
