[lustre-discuss] Lustre client cannot access file system with SELinux enabled

Michael Watters wattersm at watters.ws
Thu Dec 1 13:10:35 PST 2016


I have a lustre client running CentOS 7.2 with lustre 2.8 which is 
having issues accessing files on the lustre mount from Apache. There are 
no AVC denials shown in the logs however Apache does show an error in 
the logs as follows.

 > AH00035: access to /repos/centos2/index.html denied (filesystem path 
'/var/www/html/repos/centos2/index.html') because search permissions are 
missing on a component of the path

I checked file permissions and they are fine.  SELinux context is set to 
unlabeled_t as shown by ls -lZ.

[root at srv1 pub]# ls -lZ
drwxrwxr-x. mirrmaid mirrmaid system_u:object_r:unlabeled_t:s0 centos

I attempted to chcon the files to allow apache access however that also 
errors out.

[root at srv1 pub]# chcon -v r:httpd_sys_content_t:s0  centos/
changing security context of ‘centos/’
chcon: failed to change context of ‘centos/’ to 
‘r:httpd_sys_content_t:s0’: Invalid argument

Does Lustre 2.8 support SELinux or should I simply turn SELinux off?  Is 
there a way to make SELinux labels work properly?

More information about the lustre-discuss mailing list