Hello,
I'm using Fedora Server as an iSCSI Shared Storage. When I rebooted my server then the "iscsi.service" couldn't load:
[root@node3 ~]# systemctl status iscsi.service
● iscsi.service - Login and scanning of iSCSI devices
Loaded: loaded (/usr/lib/systemd/system/iscsi.service; enabled; vendor preset: enabled)
Active: inactive (dead)
Condition: start condition failed at Sat 2021-04-03 18:49:08 +0430; 2s ago
└─ ConditionDirectoryNotEmpty=/var/lib/iscsi/nodes was not met
Docs: man:iscsiadm(8)
man:iscsid(8)
Apr 03 18:39:17 node3.localhost.localdomain systemd[1]: Condition check resulted in Login and scanning of iSCSI devices being skipped.
Apr 03 18:39:17 node3.localhost.localdomain systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
Apr 03 18:39:17 node3.localhost.localdomain systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
Apr 03 18:49:08 node3.localhost.localdomain systemd[1]: Condition check resulted in Login and scanning of iSCSI devices being skipped.
SELinux is enabled on my Fedora Server:
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 33
[root@node3 ~]# ps -eZ | grep iscsid_t
[root@node3 ~]#
And when I looked at the log, then I saw below errors:
# dmesg -H -l err
[Apr 4 15:05] [drm:vmw_host_log [vmwgfx]] *ERROR* Failed to send host log message.
[ +0.000009] [drm:vmw_host_log [vmwgfx]] *ERROR* Failed to send host log message.
[ +9.037994] dev[000000004a7f146c]: Unable to change SE Device alua_support: alua_support has fixed value
[ +0.000014] dev[000000004a7f146c]: Unable to change SE Device alua_support: alua_support has fixed value
[ +0.000798] dev[000000004a7f146c]: Unable to change SE Device pgr_support: pgr_support has fixed value
[ +0.000004] dev[000000004a7f146c]: Unable to change SE Device pgr_support: pgr_support has fixed value
How can I configure SELinux for an iSCSI Shared Storage?
Hi,
Do you have any indication it was SELinux blocking some access? Can you look for AVCs in the audit log? Which Fedora version it is?
# ausearch -i -m avc,user_avc,selinux_err,user_selinux_err -ts today
Thank you.
_______________________________________________
selinux mailing list -- selinux@lists.fedoraproject.org
To unsubscribe send an email to selinux-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@lists.fedoraproject.org
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure