I did not check all of the failed tests but those that I checked complained about dac_read_search. The dac_* family of capabilities complains that root is trying to access a file that the standard permissions does not allow him (root) to access (i.e. having 600 and ceph/ceph user/group). However, there is a lot of dac_* failures all throughout the system and the target contexts are different for these files (i.e. there would have to be a lot of files like that) so I am inclined to say that this is a kernel bug. Especially considering that this does not present in older/stock kernels where there already is a dac_override support. Anyway, it should be safe to ignore these (not our processes, not our files...) Regards, Boris On Wed, 2017-05-31 at 13:23 -0700, Yehuda Sadeh-Weinraub wrote: > We started seeing SELinux related failures in recent teuthology run, > e.g.: > http://pulpito.ceph.com/yehudasa-2017-05-30_14:55:10-rgw-wip-rgw-mdse > arch---basic-smithi/ > > It seems that it's unrelated to the runs themselves, possibly postfix > that's running in the background is triggering these. Any idea what > we > should do there? > > Yehuda -- To unsubscribe from this list: send the line "unsubscribe ceph-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
