https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-7417 Lustre <p>Enabled SElinux on Client node and tried running sanity.sh Got the following output in terminal window:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>[root@eagle-52vm5 tests]# sestatus SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 24 Policy from config file: targeted [root@eagle-52vm5 tests]# ./auster -v -r -l sanity --only 1 Started at Wed Nov 11 13:01:36 PST 2015 eagle-52vm5: Permission denied. [root@eagle-52vm5 tests]# </pre> </div></div> <p>Tests ran fine when SElinux was in disabled or permissive mode.</p> 1 Client node, 1 MDS node, 1 OSS node (with two OSTs)<br/> LU-7417

Permission Denied on enforcing SElinux on Client

Bug Minor Closed Duplicate Saurabh Tandan Saurabh Tandan Wed, 11 Nov 2015 00:20:19 +0000 Fri, 13 Nov 2015 21:19:06 +0000 Fri, 13 Nov 2015 21:19:06 +0000 0 6 <p>Have you checked that the SELinux contexts are correct on /root/.ssh and /root/.ssh/*?</p> <p>John, I checked the SElinux contexts on /root/.ssh and /root/.ssh/* , it looks good to me.<br/> they are as follows:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>[root@eagle-52vm5 tests]# ls -dZ /root/.ssh/ drwx------. root root system_u:object_r:ssh_home_t:s0 /root/.ssh/ [root@eagle-52vm5 tests]# ls -Z /root/.ssh/ -rw-r--r--. root root system_u:object_r:ssh_home_t:s0 authorized_keys -rw-r--r--. root root system_u:object_r:ssh_home_t:s0 known_hosts </pre> </div></div> <p>What are they?</p> <p>Also please figure out what's printing 'Permission denied'? And from exactly which lines in auster/test-framework/sanity/...?</p> <p>/var/log/messages show the following:</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>Nov 11 13:11:40 eagle-52vm5 xinetd[1558]: START: shell pid=2526 from=::ffff:10.100.4.186 Nov 11 13:11:40 eagle-52vm5 rshd[2526]: rsh denied to root@eagle-52vm5.eagle.hpdd.intel.com as root: Permission denied. Nov 11 13:11:40 eagle-52vm5 rshd[2526]: rsh command was '(PATH=$PATH:/usr/lib64/lustre/utils:/usr/lib64/lustre/tests:/sbin:/usr/sbin; cd /usr/lib64/lustre/tests; LUSTRE="/usr/lib64/lustre" VERBOSE=false FSTYPE=ldiskfs NETTYPE=tcp sh -c "PATH=/usr/lib64/lustre/tests:/usr/lib/lustre/tests:/usr/lib64/lustre/tests:/usr/lib64/lustre/tests/mpi:/usr/lib64/lustre/tests/racer:/usr/lib64/lustre/../lustre-iokit/sgpdd-survey:/usr/lib64/lustre/tests:/usr/lib64/lustre/utils/gss:/usr/lib64/lustre/utils:/usr/lib64/qt-3.3/bin:/usr/lib64/openmpi/bin:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin::/sbin:/bin:/usr/sbin: NAME=local sh rpc.sh check_config_client /mnt/lustre ");echo XXRETCODE:$?' Nov 11 13:11:40 eagle-52vm5 xinetd[1558]: EXIT: shell status=1 pid=2526 duration=0(sec) [root@eagle-52vm5 tests]# </pre> </div></div> <p>/var/log/secure shows :</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>Nov 11 13:11:40 eagle-52vm5 rshd[2526]: pam_rhosts(rsh:auth): allowed access to root@eagle-52vm5.eagle.hpdd.intel.com as root Nov 11 13:11:40 eagle-52vm5 rshd[2526]: pam_limits(rsh:session): Could not set limit for 'memlock': Permission denied Nov 11 13:11:40 eagle-52vm5 rshd[2526]: pam_unix(rsh:session): session opened for user root by (uid=0) </pre> </div></div> <p>Does ssh work between the nodes? You could configure pdsh to use that.</p> <p>Otherwise, what do you see in /var/log/audit/audit.log on the remote host when you try to rsh? (It looks like you are rsh-ing from eagle-52vm5 to eagle-52vm5.)</p> <p>Yes, I recon u are correct. It appears its trying to rsh from eagle-52vm5 to eagle-52vm5 according to /var/log/audit/audit.log</p> <div class="preformatted panel" style="border-width: 1px;"><div class="preformattedContent panelContent"> <pre>type=USER_AUTH msg=audit(1447354166.507:1137): user pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:rshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication acct="root" exe="/usr/sbin/in.rshd" hostname=eagle-52vm5.eagle.hpdd.intel.com addr=10.100.4.186 terminal=rsh res=success' type=USER_ACCT msg=audit(1447354166.518:1138): user pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:rshd_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/in.rshd" hostname=eagle-52vm5.eagle.hpdd.intel.com addr=10.100.4.186 terminal=rsh res=success' type=CRED_ACQ msg=audit(1447354166.521:1139): user pid=8070 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:rshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/in.rshd" hostname=eagle-52vm5.eagle.hpdd.intel.com addr=10.100.4.186 terminal=rsh res=success' type=LOGIN msg=audit(1447354166.524:1140): pid=8070 uid=0 subj=system_u:system_r:rshd_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=172 type=AVC msg=audit(1447354166.524:1141): avc: denied { setrlimit } for pid=8070 comm="in.rshd" scontext=system_u:system_r:rshd_t:s0-s0:c0.c1023 tcontext=system_u:system_r:rshd_t:s0-s0:c0.c1023 tclass=process type=SYSCALL msg=audit(1447354166.524:1141): arch=c000003e syscall=160 success=no exit=-13 a0=8 a1=7fff309dc7a0 a2=0 a3=26 items=0 ppid=1558 pid=8070 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=172 comm="in.rshd" exe="/usr/sbin/in.rshd" subj=system_u:system_r:rshd_t:s0-s0:c0.c1023 key=(null) type=USER_START msg=audit(1447354166.525:1142): user pid=8070 uid=0 auid=0 ses=172 subj=system_u:system_r:rshd_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/in.rshd" hostname=eagle-52vm5.eagle.hpdd.intel.com addr=10.100.4.186 terminal=rsh res=failed' type=USER_LOGIN msg=audit(1447354166.527:1143): user pid=8070 uid=0 auid=0 ses=172 subj=system_u:system_r:rshd_t:s0-s0:c0.c1023 msg='op=login acct="root" exe="/usr/sbin/in.rshd" hostname=eagle-52vm5.eagle.hpdd.intel.com addr=10.100.4.186 terminal=rsh res=failed' type=USER_ACCT msg=audit(1447354201.227:1144): user pid=8075 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_ACQ msg=audit(1447354201.227:1145): user pid=8075 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=LOGIN msg=audit(1447354201.236:1146): pid=8075 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old auid=4294967295 new auid=0 old ses=4294967295 new ses=173 type=USER_START msg=audit(1447354201.246:1147): user pid=8075 uid=0 auid=0 ses=173 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=CRED_DISP msg=audit(1447354201.349:1148): user pid=8075 uid=0 auid=0 ses=173 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' type=USER_END msg=audit(1447354201.350:1149): user pid=8075 uid=0 auid=0 ses=173 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close acct="root" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success' </pre> </div></div> <p>TEI-4187</p> Related LU-6950 LU-5560 Development Rank 1|hzxss7: Rank (Obsolete) 9223372036854775807 Severity