Bug 300741 - RHEL 5 SELinux errors with iscsid during iSCSI target exception test
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Hardware: All, OS: Linux
Priority: low, Severity: medium
Assigned To: Daniel Walsh
Reported: 2007-09-21 12:26 EDT by khtan
Modified: 2007-11-30 17:07 EST
Doc Type: Bug Fix
Last Closed: 2007-11-26 11:39:42 EST

Attachments:
SELinux conf file (448 bytes, text/plain), 2007-09-21 12:26 EDT, khtan

Description khtan 2007-09-21 12:26:17 EDT
Description of problem:
Unexpected SELinux error message during iSCSI target exception testing:

Aug 29 11:27:55 srv01 setroubleshoot:      SELinux is preventing iscsid
(iscsid_t) "read" access to meminfo (proc_t).      For complete SELinux
messages. run sealert -l 43cf1922-eedd-4526-ac77-cc41a920f67b

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
Started with iSCSI system with 2 Bulldog controllers, and configured with two
iSCSI ssid connection "sessions":

1) Created 4 RAID0 disk groups

2) Assigned them to qty-2 iSidewinder controllers (Bulldog).  Assigned 2 groups
each to controller 0 and to controller 1.

3) Ran heavy IO (using command "iogen -n10 -b512k -d sdb" for instance to run
exerciser on virtual disk SDB).  Ran heavy IO using same command on all 4 virtual

4) Used Rossini to take controller 1 offline, then pulled controller 1 out of
slot in 

5) Verified that I/O resumed on fail-over path and controller 1 marked offline.

6) Replaced controller into system, put controller 1 back online via Rossini,
looked at recovery Guru, and "virtual disk not on preferred path" error
persisted even though both controllers were in system.

7) Looked at the "view/end iscsi sessions" entry under the iSCSI tab.  Though
originally there were two instances of connections (i.e. two unique SSIDs for
connection), temporarily only one was evident.  Eventually, the second connection
showed back up in this view.

8) Showed to Rob, who looked for instances of missing connection in
/var/log/messages file (attached "messages" file)...which he noted evidence of
missing connection.
Actual results:

Expected results:

Additional info:
Is iscsid killed when you see the selinux errors and does the session eventually
come back?
I don't know whether iSCSId was killed when I had the selinux errors
(unfortunately didn't note the daemons at the time, and don't have this error on
the system anymore)...sorry I can't answer this now, I don't know.  The session
just seemed to come back on its own after a while after disappearing.

Could you also just tell me how you started the iscsi service?

I wrote a script to find the targets to start the iscsi service, but at that
time, I was manually going through and finding the potential targets by first doing:

iscsiadm --mode discovery --type sendtargets --portal
(which generates a list of potential targets)
then do

iscsiadm --mode node --targetname <target> --portal --login
iscsiadm --mode node --targetname <target> --portal
iscsiadm --mode node --targetname <target> --portal
iscsiadm --mode node --targetname <target> --portal
where <target> is list of potential targets from discovery command above
Comment 1 khtan 2007-09-21 12:26:17 EDT
Created attachment 202551
SELinux conf file
Comment 2 Daniel Walsh 2007-09-21 14:37:39 EDT
Please attach /var/log/audit/audit.log
Comment 3 Daniel Walsh 2007-09-21 14:52:55 EDT
Also could you put the machine in permissive mode and grab all of the iscsi
avc's when it starts.

Comment 4 RHEL Product and Program Management 2007-10-15 23:38:50 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 5 Daniel Walsh 2007-11-26 11:39:42 EST
Without further input there is nothing I can do to fix this problem.
