Re: fedora 28 (kernel 4.16.14-300) console hang after try to link up

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



пт, 29 июн. 2018 г. в 20:18, Lukas Vrabec <lvrabec@xxxxxxxxxx>:
>
> On 06/27/2018 03:46 AM, Paul Moore wrote:
> > On Tue, Jun 26, 2018 at 10:40 AM Daniel Jurgens <danielj@xxxxxxxxxxxx> wrote:
> >> On 6/26/2018 3:04 AM, Vasiliy Tolstov wrote:
> >>> вт, 26 июн. 2018 г. в 5:26, Jason Gunthorpe <jgg@xxxxxxxxxxxx>:
> >>>> On Tue, Jun 26, 2018 at 03:24:00AM +0300, Vasiliy Tolstov wrote:
> >>>>> I'm debug this and i think that this is selinux problem, after i set
> >>>>> permissive selinux i have:
> >>>>> type=AVC msg=audit(1529969961.770:111): avc:  denied  { access } for
> >>>>> pid=932 comm="systemd-network" pkey=0xffff subnet_prefix=0:0:0:80fe::
> >>>>> scontext=system_u:system_r:systemd_modules_load_t:s0
> >>>>> tcontext=system_u:object_r:unlabeled_t:s0 tclass=infiniband_pkey
> >>>>> permissive=0
> >>
> >> The upstream refpolicy doesn't define systemd_modules_load_t, I think this will require an update to the fedora selinux policy to allow access to unlabeled pkeys for that type.  I've added Paul Moore, hopefully he knows how to make that happen.
> >
> > Hello,
> >
> > I've added Lukas Vrabec to the To/CC line on this email, he maintains
> > the Fedora/RHEL SELinux policy and would be the person who could get
> > this into Fedora.  When in doubt you can always file a BZ against
> > Fedora:
> >
> > * https://bugzilla.redhat.com
> >
> >>>> It shouldn't hang, that seems like some other kind of bug..
> >
> > The hang may be due to the fact that the system is running in SELinux
> > enforcing mode and the policy is setup to deny the access that is
> > being requested.  You can try booting the system in permissive mode, I
> > expect that will fix your problem.
> >
> > You can put your system in permissive mode by ensuring the following
> > entry is set in /etc/selinux/config and rebooting your system:
> >
> >   # grep "^SELINUX=" /etc/selinux/config
> >   SELINUX=permissive
> >
>
> Hi All,
>
> Please test your scenario with SELinux in PERMISSIVE mode, find for the
> SELinux denials:
> # ausearch -m AVC -ts recent
>
> And send me please output of the command above.
>
> Lukas.
>

Hi! I don't have new messages, because i can't reboot servers now, but
i have messages after i'm set permissive selinux:
time->Tue Jun 26 14:16:35 2018
type=PROCTITLE msg=audit(1530011795.839:118):
proctitle="/usr/lib/systemd/systemd-networkd"
type=SYSCALL msg=audit(1530011795.839:118): arch=c000003e syscall=44
success=yes exit=56 a0=3 a1=55b824b7d990 a2=38 a3=0 items=0 ppid=1
pid=988 auid=4294967295 uid=192 gid=192 euid=192 suid=192 fsuid=192
egid=192 sgid=192 fsgid=192 tty=(none) ses=4294967295
comm="systemd-network" exe="/usr/lib/systemd/systemd-networkd"
subj=system_u:system_r:systemd_networkd_t:s0 key=(null)
type=AVC msg=audit(1530011795.839:118): avc:  denied  { access } for
pid=988 comm="systemd-network" pkey=0xffff subnet_prefix=0:0:0:80fe::
scontext=system_u:system_r:systemd_modules_load_t:s0
tcontext=system_u:object_r:unlabeled_t:s0 tclass=infiniband_pkey
permissive=1



-- 
Vasiliy Tolstov,
e-mail: v.tolstov@xxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-rdma" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Photo]     [Yosemite News]     [Yosemite Photos]     [Linux Kernel]     [Linux SCSI]     [XFree86]

  Powered by Linux