Open mohandev2 opened 5 years ago
Hi Mohan,
Could you please add the steps to recreate this issue.
Thanks, Hemantha Reddy
Compiled the sources on RHEL 7.5 system using make rpm. Installed the rpm's using rpm -iUvh *.rpm and ran the daemon using systemctl start daemon. The cert directory has 600 permissions.
The problem is due to SELinux being enforced. The security context of the source and target are not matching. Packaging ov_rest and cert directories with 600 permission helps little bit as it allows the creation of cert files in that directory. We will not be able to package the cert files as there are three files for each one view ring and the file name depends on the instance id also.
One workaround for now is that user could stop the daemon and set the openhpid_t to the permissive mode using "semanage permissive -a openhpid_t" before restarting the daemon using systemctl. Looks like this setting is valid till the next reboot.
The plugin is unable to create the cert file and OEM_EVENT_FILE due to permissions. The plugin works well though. We could also see if we need to store the cert files. The error in the syslog is Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_discover.c:1733: OV_REST Discovery Completed Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1256: Failed to create the directory /var/lib/openhpi/ov_rest/cert, Permission denied Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1276: Failed to change the dir to /var/lib/openhpi/ov_rest/cert, Permission denied Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1292: Error opening the file SSLCert_9.pem Aug 30 12:48:43 openhpi-rhel76 openhpid: ov_rest: ov_rest_event.c:1857: Error opening OEM_EVENT_FILE file: /var/lib/openhpi/ov_rest/oem_event_9.log