On Tue, 2017-01-24 at 19:40 +0200, Gilboa Davara wrote: > On Fri, Jan 20, 2017 at 4:04 PM, Stephen Smalley <sds@xxxxxxxxxxxxx> > wrote: > > > > On Fri, 2017-01-20 at 13:07 +0200, Gilboa Davara wrote: > > > > > > Hello Stephen, > > > > > > Thanks again for taking the time to answer me questions. I > > > appreciate > > > the effort. > > > > > > The log message are annoying but not the main issue, the main > > > problem > > > that SELinux seems to block my script from configuring > > > smp_affinity > > > from within a systemd service. > > > I'll be eternally grateful if you can point me at the right > > > direction > > > how to give my script the SELinux attributes required to > > > configure > > > smp_affinity from a systemd service domain. > > > > What other avc denials are you getting? The one you've listed so > > far > > isn't meaningful. > > > > Have you confirmed that it works correctly if you make SELinux > > permissive (i.e. is it truly SELinux that is preventing it from > > working)? > > > > Dropping to 'setenforce 0' removes the SELinux errors and the script > seem to execute faster (by an order of magnitude). > The weird thing is that even in enforcing mode, the script does > manage > to write the correct smp_affinity value, it simply takes it a couple > of retries. Ok, so what avc messages do you get when you run the script in permissive? If you aren't seeing any others, then retry after running semodule -DB, and then run semodule -B afterward. _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
