On Wed 08-06-22 15:01:17, Amir Goldstein wrote: > On Wed, Jun 8, 2022 at 2:01 PM Gal Rosen <gal.rosen@xxxxxxxxxxxxxx> wrote: > > Regarding the EPERM, how do we continue to investigate it ? > > Besides adding prints to the kernel I don't know. > Basically, there is a file that is being opened by some process > that your listener process has no permissions to open, so > check with the people responsible to the SELinux policy what that could be. If it is SELinux denying the open, you should be able to set SELinux to logging mode so that you can see opens that are getting denied and why (I don't know SELinux so I cannot really give you details how to do it). But it is not necessarily SELinux that's causing the EPERM errors. It may be that you are watching e.g. some special filesystem like /proc/ and the open gets denied there... If you can reproduce the problem, you can enable some kernel tracing to get more information about the situation. Sadly it is not easy to get to the filename for which we are reporting the EPERM error so you'll need to use something like Systemtap (or eBPF) to get the information (about arguments and return value) from dentry_open() calls. Honza -- Jan Kara <jack@xxxxxxxx> SUSE Labs, CR
