View Issue Details

IDProjectCategoryView StatusLast Update
0012953CentOS-7opensmpublic2018-02-11 22:48
ReporterHopnet 
PrioritylowSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0012953: selinux blocks opensm from creating opensm-subnet.lst in /var/log
Descriptionopensm-3.3.19-1.el7.x86_64

type=AVC msg=audit(1489402280.339:3725): avc: denied { write } for pid=6045 comm="opensm" name="opensm-subnet.lst" dev="dm-4" ino=154 scontext=system_u:system_r:opensm_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file

grep ^dump_files /etc/rdma/opensm.conf
dump_files_dir /var/log/
Steps To Reproduceinstall & start opensm.

observe /var/log/opensm.log, for message like:
osm_dump_qmap_to_file: cannot create file '/var/log//opensm-subnet.lst': Permission denied
Additional InformationWorkaround: Create an alternate dump file location.

mkdir /var/log/opensm-dumpfiles
update dump_files_dir in /etc/rdma/opensm.conf
restart opensm
TagsInfiniBand
abrt_hash
URL

Activities

gastamper

gastamper

2018-02-11 22:43

reporter   ~0031212

Alternatively you can resolve this by updating the context of opensm-subnet.lst to system_u (and opensm_log_t, if you like) - this obviates the need to alter configuration files or default log locations.
TrevorH

TrevorH

2018-02-11 22:48

developer   ~0031213

To get this fixed you will need to raise a bug on bugzilla.redhat.com as CentOS only rebuilds what's in RHEL.

Issue History

Date Modified Username Field Change
2017-03-13 12:29 Hopnet New Issue
2017-03-13 12:29 Hopnet Tag Attached: InfiniBand
2018-02-11 22:43 gastamper Note Added: 0031212
2018-02-11 22:48 TrevorH Note Added: 0031213