On Fri, Jan 20, 2017 at 4:04 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> wrote: > On Fri, 2017-01-20 at 13:07 +0200, Gilboa Davara wrote: >> Hello Stephen, >> >> Thanks again for taking the time to answer me questions. I appreciate >> the effort. >> >> The log message are annoying but not the main issue, the main problem >> that SELinux seems to block my script from configuring smp_affinity >> from within a systemd service. >> I'll be eternally grateful if you can point me at the right direction >> how to give my script the SELinux attributes required to configure >> smp_affinity from a systemd service domain. > > What other avc denials are you getting? The one you've listed so far > isn't meaningful. > > Have you confirmed that it works correctly if you make SELinux > permissive (i.e. is it truly SELinux that is preventing it from > working)? > Dropping to 'setenforce 0' removes the SELinux errors and the script seem to execute faster (by an order of magnitude). The weird thing is that even in enforcing mode, the script does manage to write the correct smp_affinity value, it simply takes it a couple of retries. - Gilboa _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
