[lustre-discuss] Lustre client cannot access file system with SELinux enabled
sbuisson at ddn.com
Mon Dec 5 00:59:09 PST 2016
I guess your problem shows SELinux works just fine on Lustre :)
The SELinux policy enforced on your CentOS client does not allow Apache server to access files that have the ‘system_u:object_r:unlabeled_t:s0’ security context.
To see the SELinux denial messages please make sure you issue this command:
# semanage dontaudit off
Messages should be written to /var/log/audit/audit.log.
> Le 1 déc. 2016 à 22:10, Michael Watters <wattersm at watters.ws> a écrit :
> I have a lustre client running CentOS 7.2 with lustre 2.8 which is having issues accessing files on the lustre mount from Apache. There are no AVC denials shown in the logs however Apache does show an error in the logs as follows.
> > AH00035: access to /repos/centos2/index.html denied (filesystem path '/var/www/html/repos/centos2/index.html') because search permissions are missing on a component of the path
> I checked file permissions and they are fine. SELinux context is set to unlabeled_t as shown by ls -lZ.
> [root at srv1 pub]# ls -lZ
> drwxrwxr-x. mirrmaid mirrmaid system_u:object_r:unlabeled_t:s0 centos
> I attempted to chcon the files to allow apache access however that also errors out.
> [root at srv1 pub]# chcon -v r:httpd_sys_content_t:s0 centos/
> changing security context of ‘centos/’
> chcon: failed to change context of ‘centos/’ to ‘r:httpd_sys_content_t:s0’: Invalid argument
> Does Lustre 2.8 support SELinux or should I simply turn SELinux off? Is there a way to make SELinux labels work properly?
> lustre-discuss mailing list
> lustre-discuss at lists.lustre.org
More information about the lustre-discuss