search

libstorage / libstoragemgmt

A library for storage management
https://libstorage.github.io/libstoragemgmt-doc/
GNU Lesser General Public License v2.1
82 stars 32 forks source link

megaraid plugin fails to find MegaRAID controller #527

Closed opoplawski closed 1 year ago

opoplawski commented 1 year ago

Locally build libstoragemgmt 1.9.7 on an EL8 system:

# lsmcli -u megaraid:// -t ',' lv
NOT_FOUND_SYSTEM(208): No MegaRAID controller detected by /opt/MegaRAID/storcli/storcli64
# /opt/MegaRAID/storcli/storcli64 show
CLI Version = 007.2309.0000.0000 Sep 16, 2022
Operating system = Linux 4.18.0-425.13.1.el8_7.x86_64
Status Code = 0
Status = Success
Description = None

Number of Controllers = 1
Host Name = stor-boulder01.cora.nwra.com
Operating System  = Linux 4.18.0-425.13.1.el8_7.x86_64
StoreLib IT Version = 07.2400.0200.0100
StoreLib IR3 Version = 16.14-0

System Overview :
===============

-------------------------------------------------------------------------------------
Ctl Model                   Ports PDs DGs DNOpt VDs VNOpt BBU sPR DS  EHS ASOs Hlth
-------------------------------------------------------------------------------------
  0 AVAGOMegaRAIDSAS9380-8e     8  22   2     2   2     2 Opt On  1&2 Y      3 NdAtn
-------------------------------------------------------------------------------------
tasleson commented 1 year ago

Please supply output of:

# /opt/MegaRAID/storcli/storcli64 show ctrlcount J

Also try placing selinux into permissive mode 

~]# setenforce 0
~]# getenforce
Permissive

and try

# lsmcli -u megaraid:// -t ',' lv
opoplawski commented 1 year ago

SELinux was indeed the culprit. It works in permissive mode with the following AVCs:

type=AVC msg=audit(1679416660.562:57826): avc:  denied  { read write } for  pid=19393 comm="storcli64" name="mpt3ctl" dev="devtmpfs" ino=29849 scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:mptctl_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1679416660.562:57826): avc:  denied  { open } for  pid=19393 comm="storcli64" path="/dev/mpt3ctl" dev="devtmpfs" ino=29849 scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:mptctl_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1679416660.562:57827): avc:  denied  { ioctl } for  pid=19393 comm="storcli64" path="/dev/mpt3ctl" dev="devtmpfs" ino=29849 ioctlcmd=0x4c11 scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:mptctl_device_t:s0 tclass=chr_file permissive=1
type=AVC msg=audit(1679416660.562:57828): avc:  denied  { open } for  pid=19393 comm="storcli64" path="/var/log/storelibdebugit.txt" dev="dm-10" ino=7340175 scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1679416660.562:57829): avc:  denied  { write } for  pid=19393 comm="storcli64" name="log" dev="dm-10" ino=7340160 scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1679416660.562:57829): avc:  denied  { remove_name } for  pid=19393 comm="storcli64" name="storelibdebugit.txt" dev="dm-10" ino=7340175 scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1679416660.562:57829): avc:  denied  { rename } for  pid=19393 comm="storcli64" name="storelibdebugit.txt" dev="dm-10" ino=7340175 scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1679416660.562:57829): avc:  denied  { add_name } for  pid=19393 comm="storcli64" name="storelibdebugit.txt.1" dev="dm-10" ino=7340173 scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=dir permissive=1
type=AVC msg=audit(1679416660.562:57829): avc:  denied  { unlink } for  pid=19393 comm="storcli64" name="storelibdebugit.txt.1" dev="dm-10" ino=7340173 scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1679416660.563:57830): avc:  denied  { create } for  pid=19393 comm="storcli64" name="storelibdebugit.txt" scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file permissive=1
type=AVC msg=audit(1679416660.606:57832): avc:  denied  { dac_read_search } for  pid=19394 comm="storcli64" capability=2  scontext=system_u:system_r:lsmd_plugin_t:s0 tcontext=system_u:system_r:lsmd_plugin_t:s0 tclass=capability permissive=1

I'll file an issue against RHEL8's selinux policy. Thanks for the help.