Change
06fc55b0a4d994550f05625f10d8f7f0b11863eb added a setsebool
command to nodes setup on ctdb enabled test. This should have
prevented additional errors like:
```
failure_reason: 'SELinux denials found on
ubuntu@smithi066.front.sepia.ceph.com: [''type=AVC
msg=audit(
1743168241.024:10142): avc: denied { nlmsg_read } for
pid=60223 comm="ss"
scontext=system_u:system_r:container_t:s0:c491,c612
tcontext=system_u:system_r:container_t:s0:c491,c612
tclass=netlink_tcpdiag_socket permissive=1'', ''type=AVC
msg=audit(
1743168185.768:10101):
avc: denied { nlmsg_read } for pid=58817 comm="ss"
scontext=system_u:system_r:container_t:s0:c491,c612
tcontext=system_u:system_r:container_t:s0:c491,c612
tclass=netlink_tcpdiag_socket
permissive=1'', ''type=AVC msg=audit(
1743168210.896:10137): avc:
denied { nlmsg_read
} for pid=59798 comm="ss"
scontext=system_u:system_r:container_t:s0:c491,c612
tcontext=system_u:system_r:container_t:s0:c491,c612
tclass=netlink_tcpdiag_socket permissive=1'']'
```
But these were seen again:
https://qa-proxy.ceph.com/teuthology/adking-2025-03-28_12:13:17-orch:cephadm-wip-adk-testing-2025-03-27-1430-distro-default-smithi/
8214681/teuthology.log
I think that the commands may not be getting run correctly because they
need to be run with privs. Other pexec commands in the cephadm suite run
with sudo, so try it here.
Signed-off-by: John Mulligan <jmulligan@redhat.com>
projects / ceph-ci.git / commitdiff