[ovs-dev] '/etc/init.d/openvswitch force-reload-kmod' on RHEL7 fails,
Alex Wang
alexw at nicira.com
Tue Oct 21 01:03:26 UTC 2014
Hey Flavio,
We found when set selinux 'enforcing' on RHEL7/CentOS7,
The init.d script command 'force-reload-kmod' cannot work properly:
Shown below:
[root at ovs_team_rhel7]# /etc/init.d/openvswitch force-reload-kmod
Detected internal interfaces: [ OK ]
Saving flows [ OK ]
Killing ovsdb-server (11131) [ OK ]
Starting ovsdb-server [ OK ]
Configuring Open vSwitch system IDs [ OK ]
Killing ovs-vswitchd (11146) [ OK ]
*Saving interface configuration /usr/share/openvswitch/scripts/ovs-save: ip
not found in /*
*sbin:/usr/sbin:/bin:/usr/bin*
*[FAILED]*
*Failed to save configuration, not replacing kernel module ... (warning).*
Starting ovs-vswitchd [ OK ]
Enabling remote OVSDB managers [ OK ]
The reason seems to be that domain openvswitch_t does not have right
to access /usr/sbin/ => that's why ovs-save reports 'ip not found'
We are using the latest selinux-policy:
http://rpmfind.net//linux/RPM/centos/updates/7.0.1406/x86_64/Packages/selinux-policy-3.12.1-153.el7_0.11.noarch.html
We are using kernel: 3.10.0-123.8.1.el7.x86_64
I checked the selinux-policy-doc, it should support openvswitch running
shell long
ago...
* Fri Apr 05 2013 Miroslav Grepl <mgrepl at redhat.com> 3.12.1-26
- Try to label on controlC devices up to 30 correctly
......
- Allow openvswitch to execute shell
So, could you help us check and maybe try if you could reproduce it
yourself?
Thanks,
Alex Wang,
More information about the dev
mailing list