Re: iscsi.service: Unit cannot be reloaded because it is inactive.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 





On Wed, Apr 7, 2021 at 5:39 PM Jason Long <hack3rcon@xxxxxxxxx> wrote:
Thank you.
I'm using Fedora Server 33 and the output of your command is:

# ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today
----
type=AVC msg=audit(04/07/2021 20:00:30.231:144) : avc:  denied  { name_bind } for  pid=693 comm=unbound-anchor src="" scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket permissive=0 
This should be fixed soon:
https://bugzilla.redhat.com/show_bug.cgi?id=1935101









On Tuesday, April 6, 2021, 02:37:59 PM GMT+4:30, Zdenek Pytela <zpytela@xxxxxxxxxx> wrote:







On Sun, Apr 4, 2021 at 12:56 PM Jason Long <hack3rcon@xxxxxxxxx> wrote:
> Hello,
> I'm using Fedora Server as an iSCSI Shared Storage. When I rebooted my server then the "iscsi.service" couldn't load:
>
> [root@node3 ~]# systemctl status iscsi.service 
> ● iscsi.service - Login and scanning of iSCSI devices
>      Loaded: loaded (/usr/lib/systemd/system/iscsi.service; enabled; vendor preset: enabled)
>      Active: inactive (dead)
>   Condition: start condition failed at Sat 2021-04-03 18:49:08 +0430; 2s ago
>              └─ ConditionDirectoryNotEmpty=/var/lib/iscsi/nodes was not met
>        Docs: man:iscsiadm(8)
>              man:iscsid(8)
>
>
>
>
> Apr 03 18:39:17 node3.localhost.localdomain systemd[1]: Condition check resulted in Login and scanning of iSCSI devices being skipped.
> Apr 03 18:39:17 node3.localhost.localdomain systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
> Apr 03 18:39:17 node3.localhost.localdomain systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
> Apr 03 18:49:08 node3.localhost.localdomain systemd[1]: Condition check resulted in Login and scanning of iSCSI devices being skipped.
>
>
> SELinux is enabled on my Fedora Server:
>
> # sestatus 
> SELinux status:                 enabled
> SELinuxfs mount:                /sys/fs/selinux
> SELinux root directory:         /etc/selinux
> Loaded policy name:             targeted
> Current mode:                   enforcing
> Mode from config file:          enforcing
> Policy MLS status:              enabled
> Policy deny_unknown status:     allowed
> Memory protection checking:     actual (secure)
> Max kernel policy version:      33
>
> [root@node3 ~]# ps -eZ | grep iscsid_t
> [root@node3 ~]# 
>
> And when I looked at the log, then I saw below errors:
>
> # dmesg -H -l err
> [Apr 4 15:05] [drm:vmw_host_log [vmwgfx]] *ERROR* Failed to send host log message.
> [  +0.000009] [drm:vmw_host_log [vmwgfx]] *ERROR* Failed to send host log message.
> [  +9.037994] dev[000000004a7f146c]: Unable to change SE Device alua_support: alua_support has fixed value
> [  +0.000014] dev[000000004a7f146c]: Unable to change SE Device alua_support: alua_support has fixed value
> [  +0.000798] dev[000000004a7f146c]: Unable to change SE Device pgr_support: pgr_support has fixed value
> [  +0.000004] dev[000000004a7f146c]: Unable to change SE Device pgr_support: pgr_support has fixed value
>
> How can I configure SELinux for an iSCSI Shared Storage?
Hi,

Do you have any indication it was SELinux blocking some access? Can you look for AVCs in the audit log? Which Fedora version it is?

  # ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today


>  
> Thank you.
>
> _______________________________________________
> selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
> Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
>


--

Zdenek Pytela
Security SELinux team

_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure



--

Zdenek Pytela
Security SELinux team
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux