On Tue, Jun 26, 2018 at 10:40 AM Daniel Jurgens <danielj@xxxxxxxxxxxx> wrote:
> On 6/26/2018 3:04 AM, Vasiliy Tolstov wrote:
> > вт, 26 июн. 2018 г. в 5:26, Jason Gunthorpe <jgg@xxxxxxxxxxxx>:
> >> On Tue, Jun 26, 2018 at 03:24:00AM +0300, Vasiliy Tolstov wrote:
> >>> I'm debug this and i think that this is selinux problem, after i set
> >>> permissive selinux i have:
> >>> type=AVC msg=audit(1529969961.770:111): avc: denied { access } for
> >>> pid=932 comm="systemd-network" pkey=0xffff subnet_prefix=0:0:0:80fe::
> >>> scontext=system_u:system_r:systemd_modules_load_t:s0
> >>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=infiniband_pkey
> >>> permissive=0
>
> The upstream refpolicy doesn't define systemd_modules_load_t, I think this will require an update to the fedora selinux policy to allow access to unlabeled pkeys for that type. I've added Paul Moore, hopefully he knows how to make that happen.
Hello,
I've added Lukas Vrabec to the To/CC line on this email, he maintains
the Fedora/RHEL SELinux policy and would be the person who could get
this into Fedora. When in doubt you can always file a BZ against
Fedora:
* https://bugzilla.redhat.com
> >> It shouldn't hang, that seems like some other kind of bug..
The hang may be due to the fact that the system is running in SELinux
enforcing mode and the policy is setup to deny the access that is
being requested. You can try booting the system in permissive mode, I
expect that will fix your problem.
You can put your system in permissive mode by ensuring the following
entry is set in /etc/selinux/config and rebooting your system:
# grep "^SELINUX=" /etc/selinux/config
SELINUX=permissive
> >> And it shouldn't print the subnet prefx in the wrong endian-ness
> >> (subnet_prefix=0:0:0:80fe::)
> This is a bug.
Who wants to send me a patch? ;)
--
paul moore
www.paul-moore.com
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
