So far fixing the SELinux rules doesn't seem to do the trick, even
though audit2allow returned some rules. As recommended in the
manpage you can then compile these rules to a new policy (in the case
the existing policy is not functioning properly).
# cat /var/log/audit/audit.log | grep iscsi | audit2allow -m local >
local.te
# checkmodule -M -m -o local.mod local.te
# semodule_package -o local.pp -m local.mod
# semodule -i local.pp
netstat -nlt|grep 3260
<< no results >>
So I'm back to tgtd which does bind a listener properly, unless I can
solve why that is.
- afields
On 31-Jan-08, at 11:31 PM, Joe Burpee wrote:
On Thu, Jan 31, 2008 at 16:53:14 -0500, Allan Fields wrote:
One thing to note is the iscsid requires SELinux rules to be
enabled. I am
not 100% certain if the below rules are preventing the daemon from
connecting to it's listener socket, or if I've perhaps done
something wrong
FWIW setroubleshoot/sealert will analyze avc messages, but it may be
simpler just to try audit2allow and see if it cranks out any relevant
"allow" rules. If there are some rules that you want/need, you can
load
them as a separate module.
Joe
_______________________________________________
Linux mailing list
Linux [ at ] lists [ dot ] oclug [ dot ] on [ dot ] ca
http://oclug.on.ca/mailman/listinfo/linux