VPP-1640

Missing rules in vpp-selinux-policy


    • Bug
    • Resolution: Open
    • Medium
    • None
    • 19.01
    • Build system

      Hi,

      I installed VPP on a CentOS VM which includes the vpp-selinux-policy package.

      Even with that package, I had to create a custom SELinux module to authorize access to the /dev/vfio/ directory so I can create a vmxnet3 interface.

      I'm also facing a similar situation when I try to create a host-interface and link it with a veth interface. Here is what I see in the audit.logs:

      type=AVC msg=audit(1554740751.564:59100): avc: denied { map } for pid=6078 comm="vpp_main" path="socket:[35534]" dev="sockfs" ino=35534 scontext=system_u:system_r:vpp_t:s0 tcontext=system_u:system_r:vpp_t:s0 tclass=packet_socket permissive=0

       

      vpp# create host-interface name vpp2
      create host-interface: Bad file descriptor (errno 9)

       

      Below is the version installed:

      vpp# show version verbose cmdline
      Version: v19.01.1-release
      Compiled by: root
      Compile host: 44f6c5ae1118
      Compile date: Wed Mar 6 23:25:46 UTC 2019
      Compile location: /w/workspace/vpp-merge-1901-centos7
      Compiler: GCC 7.3.1 20180303 (Red Hat 7.3.1-5)
      Current PID: 6078
      Command line arguments:
      /usr/bin/vpp
      unix
      {
      nodaemon
      log
      /var/log/vpp/vpp.log
      full-coredump
      cli-listen
      /run/vpp/cli.sock
      gid
      vpp
      exec
      /etc/vpp/vpp.conf
      }
      api-trace
      {
      on
      }
      api-segment
      {
      gid
      vpp
      }
      socksvr
      {
      default
      }
      cpu
      {
      }

       

      Are there some specific settings required?

      The documentation said "if VPP has never been installed on a system, then starting in 18.04, the VPP Custom SELinux Policy will be installed with the other RPMs and all the system components managed by VPP will be labeled properly."

       

      Thanks

       

            BillyM Billy McFall
            laaubert Laurent Aubert
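
How the AVC record quoted in the report maps to a type-enforcement rule, shown as an added example that is not part of the original issue or of the vpp-selinux-policy package. The function names are hypothetical, and the sample line is the denial from the report embedded as a constant.

```python
import re

# Constructed sample: the denial quoted in the report, as a single audit.log line.
SAMPLE_AVC = (
    'type=AVC msg=audit(1554740751.564:59100): avc: denied { map } for pid=6078 '
    'comm="vpp_main" path="socket:[35534]" dev="sockfs" ino=35534 '
    'scontext=system_u:system_r:vpp_t:s0 tcontext=system_u:system_r:vpp_t:s0 '
    'tclass=packet_socket permissive=0'
)

# Only "denied" records are matched; "granted" records need no rule.
AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

def context_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(':')
    if len(parts) < 3:
        raise ValueError(f'malformed security context: {context!r}')
    return parts[2]

def parse_denials(lines):
    """Merge denied permissions per (source type, target type, object class)."""
    denials = {}
    for line in lines:
        if 'type=AVC' not in line:
            continue  # skip SYSCALL, PATH and other audit record types
        m = AVC_RE.search(line)
        if not m:
            continue
        key = (context_type(m['scon']), context_type(m['tcon']), m['tclass'])
        denials.setdefault(key, set()).update(m['perms'].split())
    return denials

def to_te_rules(denials):
    """Render each merged denial as a candidate 'allow' statement."""
    rules = []
    for (src, tgt, cls), perms in sorted(denials.items()):
        target = 'self' if src == tgt else tgt  # same type on both sides
        names = sorted(perms)
        perm_str = names[0] if len(names) == 1 else '{ ' + ' '.join(names) + ' }'
        rules.append(f'allow {src} {target}:{cls} {perm_str};')
    return rules

if __name__ == '__main__':
    print('\n'.join(to_te_rules(parse_denials([SAMPLE_AVC]))))
```

A denial records what was blocked, not whether it should be allowed, so each candidate rule needs review before it goes into a policy module.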