Thanks. The issue turned out to be missing user and group IDs on the metadata server. I created the apache user with the proper UID and group IDs and apache is now able to access the directory. I also had to mount the file system using the nfs_t context to allow access.

On 12/05/2016 03:59 AM, Sebastien Buisson wrote:
> Hi Michael,
>
> I guess your problem shows SELinux works just fine on Lustre :)
>
> The SELinux policy enforced on your CentOS client does not allow Apache
> server to access files that have the ‘system_u:object_r:unlabeled_t:s0’
> security context.
> To see the SELinux denial messages please make sure you issue this command:
> # semanage dontaudit off
> Messages should be written to /var/log/audit/audit.log.
>
> Regards,
> Sebastien.
>
>> On 1 Dec 2016, at 22:10, Michael Watters <[email protected]> wrote:
>>
>> Hello,
>>
>> I have a lustre client running CentOS 7.2 with lustre 2.8 which is having
>> issues accessing files on the lustre mount from Apache. There are no AVC
>> denials shown in the logs however Apache does show an error in the logs as
>> follows.
>>
>>> AH00035: access to /repos/centos2/index.html denied (filesystem path
>>> '/var/www/html/repos/centos2/index.html') because search permissions are
>>> missing on a component of the path
>>
>> I checked file permissions and they are fine. SELinux context is set to
>> unlabeled_t as shown by ls -lZ.
>>
>> [root@srv1 pub]# ls -lZ
>> drwxrwxr-x. mirrmaid mirrmaid system_u:object_r:unlabeled_t:s0 centos
>>
>> I attempted to chcon the files to allow apache access however that also
>> errors out.
>>
>> [root@srv1 pub]# chcon -v r:httpd_sys_content_t:s0 centos/
>> changing security context of ‘centos/’
>> chcon: failed to change context of ‘centos/’ to ‘r:httpd_sys_content_t:s0’:
>> Invalid argument
>>
>> Does Lustre 2.8 support SELinux or should I simply turn SELinux off? Is
>> there a way to make SELinux labels work properly?
>>
>> _______________________________________________
>> lustre-discuss mailing list
>> [email protected]
>> http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
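
Added example, not part of the thread: the fix reported at the top was creating the apache user with matching UID and group IDs on the metadata server. The sketch below compares passwd-format dumps taken on the client and on the metadata server to spot that kind of gap; the function names, file names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Compare account IDs between a Lustre client and the metadata server (MDS).
# Inputs are passwd-format files, e.g. saved output of `getent passwd`
# from each host. All names and sample data here are constructed.

# check_ids CLIENT_PASSWD MDS_PASSWD USER...
# Prints one line per user: OK, NOCLIENT (unknown on the client),
# MISSING (absent on the MDS) or MISMATCH (uid:gid differ).
# Returns 0 only if every listed user is consistent on both hosts.
check_ids() {
    client=$1; mds=$2; shift 2
    rc=0
    for user in "$@"; do
        c=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $4; exit }' "$client")
        m=$(awk -F: -v u="$user" '$1 == u { print $3 ":" $4; exit }' "$mds")
        if [ -z "$c" ]; then
            echo "$user NOCLIENT"; rc=1
        elif [ -z "$m" ]; then
            echo "$user MISSING client=$c"; rc=1
        elif [ "$c" != "$m" ]; then
            echo "$user MISMATCH client=$c mds=$m"; rc=1
        else
            echo "$user OK $c"
        fi
    done
    return $rc
}

# demo: run the check over constructed sample data. The MDS dump lacks
# the apache account and has a different UID for mirrmaid.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin' \
        'mirrmaid:x:1001:1001::/home/mirrmaid:/bin/bash' > "$d/client.passwd"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'mirrmaid:x:1002:1001::/home/mirrmaid:/bin/bash' > "$d/mds.passwd"
    demo_rc=0
    check_ids "$d/client.passwd" "$d/mds.passwd" root apache mirrmaid || demo_rc=$?
    rm -rf "$d"
    return $demo_rc
}

demo || true
```

The same comparison can be repeated with group-format dumps if supplementary group membership matters for the directory being served.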
