Yes. But I think we have to fix this within ceph-selinux. :) Thanks, Muminul On Wed, Jul 13, 2016 at 1:33 PM, Ken Dreyer <kdreyer@xxxxxxxxxx> wrote: > It sounds like you'll have to use the CentOS 7 kernels to avoid this error :( > > - Ken > > On Wed, Jul 13, 2016 at 2:32 PM, Muminul Islam Russell <misla011@xxxxxxx> wrote: >> FYI: >> >> The issue is in later kernel i.e in may case 4.1.12. >> >> Not reproducible in 3.8 or 3.10 kernel. >> >> -- >> Muminul >> >> On Wed, Jul 13, 2016 at 1:01 PM, Muminul Islam Russell <misla011@xxxxxxx> wrote: >>> I am using Kernel 4.1.12 and Ceph 10.2.2. >>> >>> Thanks, >>> Muminul >>> >>> On Wed, Jul 13, 2016 at 12:14 PM, Ken Dreyer <kdreyer@xxxxxxxxxx> wrote: >>>> Hi Muminul, >>>> >>>> Are you running with all the latest updates? >>>> >>>> Do you still experience issues with kernel 3.10.0-327.22.2.el7 ? >>>> >>>> - Ken >>>> >>>> On Wed, Jul 13, 2016 at 12:46 PM, Muminul Islam Russell >>>> <misla011@xxxxxxx> wrote: >>>>> Hello, >>>>> >>>>> I got the following error while installing ceph-selinux. >>>>> >>>>> kernel: SELinux: Permission audit_read in class capability2 not defined in >>>>> policy. >>>>> kernel: SELinux: Class binder not defined in policy. >>>>> kernel: SELinux: the above unknown classes and permissions will be allowed >>>>> >>>>> command to reproduce the error: >>>>> /usr/sbin/semodule -i /usr/share/selinux/packages/ceph.pp >>>>> >>>>> Then check the output in syslog. >>>>> >>>>> Info: >>>>> These are object classes and av permissions that were introduced in the >>>>> newer kernel, but ceph-selinux policy is for the older kernel and thus does >>>>> not know these new object classes and av permissions. So they will just be >>>>> ignored (allowed). So other than a few warnings it really does not >>>>> affect anything or change the behavior of the policy I believe. >>>>> >>>>> But we could just get rid of this warnings. >>>>> >>>>> Thanks, >>>>> Muminul >>>>> -- >>>>> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >>>>> the body of a message to majordomo@xxxxxxxxxxxxxxx >>>>> More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
