[Bug 1990930] Review Request: rust-rd-agent - Management agent for resctl-demo

https://bugzilla.redhat.com/show_bug.cgi?id=1990930



--- Comment #1 from Davide Cavalca <dcavalca@xxxxxx> ---
Note: this needs to execute files from /var/lib/resctl-demo so it'll need some
SELinux policy work. Right now it fails with a bunch of AVCs with SELinux
enabled:

Aug 06 09:45:52 fedora systemd[1]: Started rd-sideloader.service
/var/lib/resctl-demo/misc-bin/sideloader.py --config
/var/lib/resctl-demo/sideloader/config.json --jobdir
/var/lib/resctl-demo/sideloader/jobs.d --status
/var/lib/resctl-demo/sideloader/status.json --svc-prefix rd-sideload- --dev sda
--dont-fix.
Aug 06 09:45:52 fedora audit[2603]: AVC avc:  denied  { execute } for  pid=2603
comm="(oader.py)" name="sideloader.py" dev="sda2" ino=332220
scontext=system_u:system_r:init_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 06 09:45:52 fedora systemd[2603]: rd-sideloader.service: Failed to locate
executable /var/lib/resctl-demo/misc-bin/sideloader.py: Permission denied
Aug 06 09:45:52 fedora systemd[2603]: rd-sideloader.service: Failed at step
EXEC spawning /var/lib/resctl-demo/misc-bin/sideloader.py: Permission denied

When in permissive mode:

Aug 06 09:49:14 fedora systemd[1]: Started rd-sideloader.service
/var/lib/resctl-demo/misc-bin/sideloader.py --config
/var/lib/resctl-demo/sideloader/config.json --jobdir
/var/lib/resctl-demo/sideloader/jobs.d --status
/var/lib/resctl-demo/sideloader/status.json --svc-prefix rd-sideload- --dev sda
--dont-fix.
Aug 06 09:49:14 fedora audit[2788]: AVC avc:  denied  { execute } for  pid=2788
comm="(oader.py)" name="sideloader.py" dev="sda2" ino=332220
scontext=system_u:system_r:init_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1
Aug 06 09:49:14 fedora audit[2788]: AVC avc:  denied  { execute_no_trans } for 
pid=2788 comm="(oader.py)" path="/var/lib/resctl-demo/misc-bin/sideloader.py"
dev="sda2" ino=332220 scontext=system_u:system_r:init_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1


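The following is an added example, not part of the original comment or of the resctl-demo project: it parses the AVC records quoted above (rejoining the e-mail line wraps) and groups the denied permissions by source type, target type and object class, keeping the enforcing denial apart from the permissive ones. The function names are hypothetical.

```python
import re
from collections import defaultdict

# AVC records copied from the comment above, e-mail line wraps kept.
SAMPLE = """\
Aug 06 09:45:52 fedora audit[2603]: AVC avc:  denied  { execute } for  pid=2603
comm="(oader.py)" name="sideloader.py" dev="sda2" ino=332220
scontext=system_u:system_r:init_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=0
Aug 06 09:49:14 fedora audit[2788]: AVC avc:  denied  { execute } for  pid=2788
comm="(oader.py)" name="sideloader.py" dev="sda2" ino=332220
scontext=system_u:system_r:init_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1
Aug 06 09:49:14 fedora audit[2788]: AVC avc:  denied  { execute_no_trans } for
pid=2788 comm="(oader.py)" path="/var/lib/resctl-demo/misc-bin/sideloader.py"
dev="sda2" ino=332220 scontext=system_u:system_r:init_t:s0
tcontext=unconfined_u:object_r:var_lib_t:s0 tclass=file permissive=1
"""

# One record runs from "avc: denied" to its permissive= field, across wraps.
AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*?permissive=\d)", re.S)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(text):
    """Return one dict per AVC denial found in journal or audit text."""
    records = []
    for perms, body in AVC_RE.findall(text):
        rec = {k: v.strip('"') for k, v in FIELD_RE.findall(body)}
        rec["perms"] = perms.split()
        records.append(rec)
    return records

def context_type(context):
    """Extract the type field from a user:role:type:level context."""
    return context.split(":")[2]

def summarize(records):
    """Group permissions by (source type, target type, class, enforced?)."""
    summary = defaultdict(set)
    for r in records:
        key = (context_type(r["scontext"]), context_type(r["tcontext"]),
               r["tclass"], r["permissive"] == "0")
        summary[key].update(r["perms"])
    return {k: sorted(v) for k, v in summary.items()}

if __name__ == "__main__":
    for (src, tgt, cls, enforced), perms in summarize(parse_avc(SAMPLE)).items():
        print(src, "->", f"{tgt}:{cls}", perms, "blocked" if enforced else "logged only")
```

In the enforcing record only `execute` appears, because the exec fails at that first check; the permissive run is what reveals the additional `execute_no_trans` denial.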



