I am not a selinux guy. Is there any quick fix for this? Thanks, Muminul On Wed, Jul 13, 2016 at 1:35 PM, Muminul Islam Russell <misla011@xxxxxxx> wrote: > Yes. But I think we have to fix this within ceph-selinux. :) > > Thanks, > Muminul > > On Wed, Jul 13, 2016 at 1:33 PM, Ken Dreyer <kdreyer@xxxxxxxxxx> wrote: >> It sounds like you'll have to use the CentOS 7 kernels to avoid this error :( >> >> - Ken >> >> On Wed, Jul 13, 2016 at 2:32 PM, Muminul Islam Russell <misla011@xxxxxxx> wrote: >>> FYI: >>> >>> The issue is in later kernel i.e in may case 4.1.12. >>> >>> Not reproducible in 3.8 or 3.10 kernel. >>> >>> -- >>> Muminul >>> >>> On Wed, Jul 13, 2016 at 1:01 PM, Muminul Islam Russell <misla011@xxxxxxx> wrote: >>>> I am using Kernel 4.1.12 and Ceph 10.2.2. >>>> >>>> Thanks, >>>> Muminul >>>> >>>> On Wed, Jul 13, 2016 at 12:14 PM, Ken Dreyer <kdreyer@xxxxxxxxxx> wrote: >>>>> Hi Muminul, >>>>> >>>>> Are you running with all the latest updates? >>>>> >>>>> Do you still experience issues with kernel 3.10.0-327.22.2.el7 ? >>>>> >>>>> - Ken >>>>> >>>>> On Wed, Jul 13, 2016 at 12:46 PM, Muminul Islam Russell >>>>> <misla011@xxxxxxx> wrote: >>>>>> Hello, >>>>>> >>>>>> I got the following error while installing ceph-selinux. >>>>>> >>>>>> kernel: SELinux: Permission audit_read in class capability2 not defined in >>>>>> policy. >>>>>> kernel: SELinux: Class binder not defined in policy. >>>>>> kernel: SELinux: the above unknown classes and permissions will be allowed >>>>>> >>>>>> command to reproduce the error: >>>>>> /usr/sbin/semodule -i /usr/share/selinux/packages/ceph.pp >>>>>> >>>>>> Then check the output in syslog. >>>>>> >>>>>> Info: >>>>>> These are object classes and av permissions that were introduced in the >>>>>> newer kernel, but ceph-selinux policy is for the older kernel and thus does >>>>>> not know these new object classes and av permissions. So they will just be >>>>>> ignored (allowed). So other than a few warnings it really does not >>>>>> affect anything or change the behavior of the policy I believe. >>>>>> >>>>>> But we could just get rid of this warnings. >>>>>> >>>>>> Thanks, >>>>>> Muminul >>>>>> -- >>>>>> To unsubscribe from this list: send the line "unsubscribe ceph-devel" in >>>>>> the body of a message to majordomo@xxxxxxxxxxxxxxx >>>>>> More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
