[ovs-build] Passed: ovsrobot/ovs#143 (series_84850 - fc52bcb)

Travis CI builds at travis-ci.org
Tue Jan 8 00:46:58 UTC 2019


Build Update for ovsrobot/ovs
-------------------------------------

Build: #143
Status: Passed

Duration: 49 mins and 11 secs
Commit: fc52bcb (series_84850)
Author: Yi-Hung Wei
Message: selinux: Add missing permissions for ovs-kmod-ctl

Starting from OVS 2.10, ovs-vswitchd may fail to run after system reboot
since it fails to load ovs kernel module.  It is because the conntrack
zone limit feature introduced in OVS 2.10 now depends on
nf_conntrack_ipv4/6 kernel module, and the SELinux prevents it to load the
two kernel modules.

Example log of the AVC violations:
    type=AVC msg=audit(1546903594.735:29): avc:  denied  { execute_no_trans }
    for  pid=820 comm="modprobe" path="/usr/bin/bash" dev="dm-0" ino=50337111
    scontext=system_u:system_r:openvswitch_load_module_t:s0
    tcontext=system_u:object_r:shell_exec_t:s0 tclass=file

    type=AVC msg=audit(1546903594.791:30): avc:  denied  { module_request } for
    pid=819 comm="modprobe" kmod="nf_conntrack-2"
    scontext=system_u:system_r:openvswitch_load_module_t:s0
    tcontext=system_u:system_r:kernel_t:s0 tclass=system

This patch adds the missing permissions for modprobe command in ovs-kmod-ctl
so that the aforementioned issue is resolved.

VMWare-BZ: #2257534
Signed-off-by: Yi-Hung Wei <yihung.wei at gmail.com>
Signed-off-by: 0-day Robot <robot at bytheb.org>

View the changeset: https://github.com/ovsrobot/ovs/commit/fc52bcb61098

View the full build log and details: https://travis-ci.org/ovsrobot/ovs/builds/476615662?utm_medium=notification&utm_source=email

--

You can unsubscribe from build emails from the ovsrobot/ovs repository going to https://travis-ci.org/account/preferences/unsubscribe?repository=22285853&utm_medium=notification&utm_source=email.
Or unsubscribe from *all* email updating your settings at https://travis-ci.org/account/preferences/unsubscribe?utm_medium=notification&utm_source=email.
Or configure specific recipients for build notifications in your .travis.yml file. See https://docs.travis-ci.com/user/notifications.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-build/attachments/20190108/997320f9/attachment-0001.html>


More information about the build mailing list