On Wed, Oct 22, 2014 at 9:34 AM, Flavio Leitner <[email protected]> wrote:
> On Wed, Oct 22, 2014 at 09:07:00AM -0700, Alex Wang wrote:
> > Thx for the reply Flavio,
> >
> > > Sorry, I was out for some days. Anyway as FYI, RHEL-7 and
> > > probably CentOS7 supports systemd, so we provide systemd service
> > > for openvswitch. Therefore, the sysv script isn't supported.
> > >
> >
> >
> > Thanks for notifying me of this. I just searched around and, from my understanding,
> > systemctl does not have a subcommand for reloading the kernel module.
>
> You're correct. So far there is no such facility.
>
>
> > So, seems to me, the only way to reload kmod is to reboot machine...
> > And that way, the interface configurations are all lost.
> >
> > Do you know any workaround?
>
> Not that I know of. So, the idea behind the reload kmod is to
> re-create bridge and ports too?
>

Yes, the ovs-save (/usr/share/openvswitch/scripts/ovs-save) file is for
storing info like link state (Ethernet addresses, up/down, ...).
This script is invoked during reload-kmod~

> > > Have you run the script in permissive mode to see if fixing
> > > that is enough?
> > > I will try to reproduce in my end as well.
> >
> > Yeah, if we set selinux to permissive mode or I `semanage permissive -a
> > openvswitch_t`... then I do not have the issue.
>
> Yeah, because then you are allowing everything. But my question was
> more if there are more avc denials after that problem. I mean, once
> you have fixed/skipped the first problem, likely there is a second one
> and so forth. No worries, I will check myself later on.
>

Here are all the logs in one execution,

type=AVC msg=audit(1413996278.049:152): avc: denied { getattr } for
pid=3970 comm="ovs-save" path="/usr/sbin/ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1413996278.049:152): arch=c000003e syscall=4
success=yes exit=0 a0=1d6c670 a1=7fff19957b40 a2=7fff19957b40 a3=0 items=0
ppid=3969 pid=3970 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="ovs-save" exe="/usr/bin/bash"
subj=unconfined_u:system_r:openvswitch_t:s0 key=(null)
type=AVC msg=audit(1413996278.049:153): avc: denied { execute } for
pid=3970 comm="ovs-save" name="ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1413996278.049:153): arch=c000003e syscall=21
success=yes exit=0 a0=1d6c670 a1=1 a2=7fff19957a70 a3=7fff19957900 items=0
ppid=3969 pid=3970 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="ovs-save" exe="/usr/bin/bash"
subj=unconfined_u:system_r:openvswitch_t:s0 key=(null)
type=AVC msg=audit(1413996278.049:154): avc: denied { read } for
pid=3970 comm="ovs-save" name="ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1413996278.049:154): arch=c000003e syscall=21
success=yes exit=0 a0=1d6c670 a1=4 a2=7fff19957a70 a3=7fff19957900 items=0
ppid=3969 pid=3970 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="ovs-save" exe="/usr/bin/bash"
subj=unconfined_u:system_r:openvswitch_t:s0 key=(null)
type=AVC msg=audit(1413996278.049:155): avc: denied { open } for
pid=3970 comm="ovs-save" path="/usr/sbin/ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=AVC msg=audit(1413996278.049:155): avc: denied { execute_no_trans }
for pid=3970 comm="ovs-save" path="/usr/sbin/ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1413996278.049:155): arch=c000003e syscall=59
success=yes exit=0 a0=1d6c670 a1=1d7ba00 a2=1d6c930 a3=7fff19957a20 items=0
ppid=3969 pid=3970 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=pts0 ses=1 comm="ip" exe="/usr/sbin/ip"
subj=unconfined_u:system_r:openvswitch_t:s0 key=(null)

> Thanks again,
> fbl
>
>
Thanks,
Alex Wang,
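
Added example, not part of the original message or of Open vSwitch: a small parser that collects every AVC denial from the log pasted above and groups the denied permissions by source type, target type and class, so the full set raised by one permissive-mode run can be read at once. The function names are hypothetical; the log text is the five AVC records from the message, left mail-wrapped.

```python
import re
from collections import defaultdict

# The five AVC records from the message above, kept mail-wrapped (SYSCALL records omitted).
MAIL_LOG = """\
type=AVC msg=audit(1413996278.049:152): avc: denied { getattr } for
pid=3970 comm="ovs-save" path="/usr/sbin/ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=AVC msg=audit(1413996278.049:153): avc: denied { execute } for
pid=3970 comm="ovs-save" name="ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=AVC msg=audit(1413996278.049:154): avc: denied { read } for
pid=3970 comm="ovs-save" name="ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=AVC msg=audit(1413996278.049:155): avc: denied { open } for
pid=3970 comm="ovs-save" path="/usr/sbin/ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
type=AVC msg=audit(1413996278.049:155): avc: denied { execute_no_trans }
for pid=3970 comm="ovs-save" path="/usr/sbin/ip" dev="dm-1" ino=67244283
scontext=unconfined_u:system_r:openvswitch_t:s0
tcontext=system_u:object_r:ifconfig_exec_t:s0 tclass=file
"""

AVC = re.compile(r'avc: denied \{ ([^}]*)\} for .*?scontext=(\S+) tcontext=(\S+) tclass=(\S+)')

def denied_access(text):
    """Group denied permissions by (source type, target type, class)."""
    flat = " ".join(text.split())                      # undo mail line wrapping
    records = re.split(r'(?=type=\w+ msg=audit\()', flat)
    access = defaultdict(set)
    for rec in records:
        m = AVC.search(rec) if rec.startswith("type=AVC ") else None
        if m:
            perms, scon, tcon, tclass = m.groups()
            # An SELinux context is user:role:type:level; field 2 is the type.
            access[(scon.split(":")[2], tcon.split(":")[2], tclass)].update(perms.split())
    return access

def as_allow_rules(access):
    """Render the grouped denials in allow-rule form for review."""
    return [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
            for (s, t, c), p in sorted(access.items())]

if __name__ == "__main__":
    print("\n".join(as_allow_rules(denied_access(MAIL_LOG))))
```

The rendered rule is a summary of what was denied, for review against the policy; whether to grant it or to run `ip` in a different domain is a policy decision the thread leaves open.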