Description of problem: fail to start openvswitch on rhel8.1 with selinux enable Version-Release number of selected component (if applicable): [root@hp-dl380g10-04 ~]# uname -a Linux hp-dl380g10-04.rhts.eng.pek2.redhat.com 4.18.0-107.el8.x86_64 #1 SMP Fri Jun 14 13:46:34 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux [root@hp-dl380g10-04 images]# rpm -qa| grep openvswitch kernel-kernel-networking-openvswitch-ovs_qinq_dpdk-1.3-37.noarch openvswitch-selinux-extra-policy-1.0-16.el8fdp.noarch openvswitch2.11-2.11.0-18.el8fdp.x86_64 [root@hp-dl380g10-04 images]# How reproducible: everytime Steps to Reproduce: 1.setenforce 1 2.install openvswitch packet 3.systemctl restart openvswitch Actual results: [root@hp-dl380g10-04 images]# rpm -ivh http://download-node-02.eng.bos.redhat.com/brewroot/packages/openvswitch2.11/2.11.0/18.el8fdp/x86_64/openvswitch2.11-2.11.0-18.el8fdp.x86_64.rpm Retrieving http://download-node-02.eng.bos.redhat.com/brewroot/packages/openvswitch2.11/2.11.0/18.el8fdp/x86_64/openvswitch2.11-2.11.0-18.el8fdp.x86_64.rpm Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:openvswitch2.11-2.11.0-18.el8fdp ################################# [100%] [root@hp-dl380g10-04 images]# [root@hp-dl380g10-04 images]# [root@hp-dl380g10-04 images]# systemctl restart openvswitch A dependency job for openvswitch.service failed. See 'journalctl -xe' for details. [root@hp-dl380g10-04 images]# journalctl -xe Jul 22 23:16:11 hp-dl380g10-04.rhts.eng.pek2.redhat.com systemd[1]: ovs-vswitchd.service: Control > Jul 22 23:16:11 hp-dl380g10-04.rhts.eng.pek2.redhat.com systemd[1]: ovs-vswitchd.service: Failed w> Jul 22 23:16:11 hp-dl380g10-04.rhts.eng.pek2.redhat.com systemd[1]: Failed to start Open vSwitch F> -- Subject: Unit ovs-vswitchd.service has failed -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit ovs-vswitchd.service has failed. -- -- The result is RESULT. Jul 22 23:16:12 hp-dl380g10-04.rhts.eng.pek2.redhat.com systemd[1]: ovs-vswitchd.service: Service > Jul 22 23:16:12 hp-dl380g10-04.rhts.eng.pek2.redhat.com systemd[1]: ovs-vswitchd.service: Schedule> -- Subject: Automatic restarting of a unit has been scheduled -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Automatic restarting of the unit ovs-vswitchd.service has been scheduled, as the result for -- the configured Restart= setting for the unit. Jul 22 23:16:12 hp-dl380g10-04.rhts.eng.pek2.redhat.com systemd[1]: Stopped Open vSwitch Forwardin> -- Subject: Unit ovs-vswitchd.service has finished shutting down -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit ovs-vswitchd.service has finished shutting down. Jul 22 23:16:12 hp-dl380g10-04.rhts.eng.pek2.redhat.com systemd[1]: ovs-vswitchd.service: Start re> Jul 22 23:16:12 hp-dl380g10-04.rhts.eng.pek2.redhat.com systemd[1]: ovs-vswitchd.service: Failed w> Jul 22 23:16:12 hp-dl380g10-04.rhts.eng.pek2.redhat.com systemd[1]: Failed to start Open vSwitch F> -- Subject: Unit ovs-vswitchd.service has failed -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit ovs-vswitchd.service has failed. -- -- The result is RESULT. Expected results: Additional info: no issue if setenforce 0 [root@hp-dl380g10-04 images]# setenforce 0 [root@hp-dl380g10-04 images]# systemctl restart openvswitch
Created attachment 1596850 [details] audit.log It still fails with the -18 version.I have pasted the audit.log,please check it. [root@dell-per730-42 ~]# rpm -qa | grep openvswitch openvswitch2.11-2.11.0-18.el7fdp.x86_64 openvswitch-selinux-extra-policy-1.0-18.el8fdp.noarch [root@dell-per730-42 ~]# [root@dell-per730-42 ~]# getenforce Enforcing [root@dell-per730-42 ~]# systemctl start openvswitch A dependency job for openvswitch.service failed. See 'journalctl -xe' for details. [root@dell-per730-42 ~]# journalctl -xe -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit ovs-delete-transient-ports.service has failed. -- -- The result is RESULT. Jul 31 22:48:09 dell-per730-42.rhts.eng.pek2.redhat.com restraintd[6079]: *** Current Time: Wed Jul 31 22:48:09 2019 Localwatchdog at: * Disabled! * Jul 31 22:49:09 dell-per730-42.rhts.eng.pek2.redhat.com restraintd[6079]: *** Current Time: Wed Jul 31 22:49:09 2019 Localwatchdog at: * Disabled! * Jul 31 22:50:09 dell-per730-42.rhts.eng.pek2.redhat.com restraintd[6079]: *** Current Time: Wed Jul 31 22:50:09 2019 Localwatchdog at: * Disabled! * Jul 31 22:50:46 dell-per730-42.rhts.eng.pek2.redhat.com systemd[1]: Starting Cleanup of Temporary Directories... -- Subject: Unit systemd-tmpfiles-clean.service has begun start-up -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit systemd-tmpfiles-clean.service has begun starting up. Jul 31 22:50:46 dell-per730-42.rhts.eng.pek2.redhat.com systemd-tmpfiles[22204]: [/usr/lib/tmpfiles.d/radvd.conf:1] Line references path below legacy direc> Jul 31 22:50:46 dell-per730-42.rhts.eng.pek2.redhat.com systemd-tmpfiles[22204]: [/usr/lib/tmpfiles.d/subscription-manager.conf:1] Line references path bel> Jul 31 22:50:46 dell-per730-42.rhts.eng.pek2.redhat.com systemd[1]: Started Cleanup of Temporary Directories. -- Subject: Unit systemd-tmpfiles-clean.service has finished start-up -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit systemd-tmpfiles-clean.service has finished starting up. -- -- The start-up result is RESULT. Jul 31 22:51:09 dell-per730-42.rhts.eng.pek2.redhat.com restraintd[6079]: *** Current Time: Wed Jul 31 22:51:09 2019 Localwatchdog at: * Disabled! * Jul 31 22:51:09 dell-per730-42.rhts.eng.pek2.redhat.com systemd[1]: Starting SSSD Kerberos Cache Manager... -- Subject: Unit sssd-kcm.service has begun start-up -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit sssd-kcm.service has begun starting up. Jul 31 22:51:09 dell-per730-42.rhts.eng.pek2.redhat.com systemd[1]: Started SSSD Kerberos Cache Manager. -- Subject: Unit sssd-kcm.service has finished start-up -- Defined-By: systemd -- Support: https://access.redhat.com/support -- -- Unit sssd-kcm.service has finished starting up. -- -- The start-up result is RESULT. Jul 31 22:51:09 dell-per730-42.rhts.eng.pek2.redhat.com sssd[kcm][22222]: Starting up [root@dell-per730-42 ~]#
Comment on attachment 1596850 [details] audit.log The log doesn't show any AVC denials. How do you determine this is an OVS selinux issue?
Hi, I found in comment2 I used wrong ovs package,very sorry for that.I have tried again,and no issue for the -18 selinux version.The issue is only on -16 version. [root@dell-per730-42 ~]# getenforce Enforcing [root@dell-per730-42 ~]# rpm -qa | grep openvswitch [root@dell-per730-42 ~]# rpm -ivh openvswitch-selinux-extra-policy-1.0-18.el8fdp.noarch.rpm Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:openvswitch-selinux-extra-policy-################################# [100%] [root@dell-per730-42 ~]# rpm -ivh openvswitch2.11-2.11.0-18.el8fdp.x86_64.rpm Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:openvswitch2.11-2.11.0-18.el8fdp ################################# [100%] [root@dell-per730-42 ~]# systemctl start openvswitch [root@dell-per730-42 ~]# [root@dell-per730-42 ~]# rpm -qa | grep openvswitch openvswitch-selinux-extra-policy-1.0-18.el8fdp.noarch openvswitch2.11-2.11.0-18.el8fdp.x86_64 [root@dell-per730-42 ~]# Issue found on -16 version: [root@dell-per730-42 ~]# rpm -ivh openvswitch-selinux-extra-policy-1.0-16.el8fdp.noarch.rpm Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:openvswitch-selinux-extra-policy-################################# [100%] [root@dell-per730-42 ~]# ll total 12452 -rw-------. 1 root root 19497 Aug 2 02:53 anaconda-ks.cfg -rw-r--r--. 1 root root 4 Aug 2 02:52 NETBOOT_METHOD.TXT -rw-r--r--. 1 root root 12681052 Jul 18 10:28 openvswitch2.11-2.11.0-18.el8fdp.x86_64.rpm -rw-r--r--. 1 root root 14052 Jun 14 11:04 openvswitch-selinux-extra-policy-1.0-16.el8fdp.noarch.rpm -rw-------. 1 root root 20927 Aug 2 02:53 original-ks.cfg -rw-r--r--. 1 root root 8 Aug 2 02:52 RECIPE.TXT [root@dell-per730-42 ~]# rpm -ivh openvswitch2.11-2.11.0-18.el8fdp.x86_64.rpm Verifying... ################################# [100%] Preparing... ################################# [100%] Updating / installing... 1:openvswitch2.11-2.11.0-18.el8fdp ################################# [100%] [root@dell-per730-42 ~]# systemctl start openvswitch A dependency job for openvswitch.service failed. See 'journalctl -xe' for details. [root@dell-per730-42 ~]#