Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Installation with selinux on centralmanagement bundle #58

Open
tonin opened this issue Sep 4, 2019 · 2 comments

Comments

@tonin
Copy link
Member

commented Sep 4, 2019

During the ls-registration-daemon package installation, as part of the perfsonar-centralmanagement bundle on CentOS-7 with yum, I'm seeing this error:

Installation : perfsonar-lsregistrationdaemon-4.2.0-1.el7.noarch
Failed to resolve typeattributeset statement at /etc/selinux/targeted/tmp/modules/400/lsregistrationdaemon/cil:28
semodule:  Failed!

The lsregistrationdaemon.pl is running after the installation, but the selinux policy for the ls-registration-daemon is not installed. That means the service is working fine and no restrictions are applied. The esmond service is correctly getting registered to the global LS after such an installation (see #61).

@tonin tonin self-assigned this Sep 9, 2019

@tonin tonin changed the title Installation with selinux Installation with selinux on centralmanagement bundle Sep 10, 2019

@tonin

This comment has been minimized.

Copy link
Member Author

commented Sep 10, 2019

This error is showing up because when the ls-registration-daemon is installed by the centralmanagement bundle OWAMP and TWAMP are not installed. But their ports are referenced in the selinux policy of the ls-registration-daemon.

@tonin

This comment has been minimized.

Copy link
Member Author

commented Sep 13, 2019

I think the best way to solve this would be to move all port definitions declared by perfSONAR packages as part of SElinux policies in a separate and global package. Then it can be inherited by all bundles or services that depend on it. As such, I think this can be moved to the 4.3.0 timeline.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.