Category: Networking and Security

2016-01-27 08:35:59

[root@localhost ~]# systemctl start docker

[root@localhost ~]# /usr/share/openvswitch/scripts/ovs-ctl start


+++++++++++++++++++++++++++++++++++++++

[root@localhost imunes]# grep ovs-appctl /var/log/audit/audit.log | audit2allow -M mypol
[root@localhost imunes]# semodule -i mypol.pp





Change the Docker template URI to just "imunes/vroot:base" in prepare_vroot.sh, then run:

[root@localhost imunes]# imunes -p

[root@localhost imunes]# imunes

+++++++++++++++++++++++++++++++++++++++

SELinux is preventing ovs-appctl from 'read, write' accesses on the file ovsdb-server.pid.

*****  Plugin catchall (100. confidence) suggests   **************************

If 您确定应默认允许 ovs-appctl read write 访问 ovsdb-server.pid file。
Then 您应该将这个情况作为 bug 报告。
您可以生成本地策略模块允许这个访问。
Do
请执行以下命令此时允许这个访问:
# grep ovs-appctl /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context                system_u:system_r:openvswitch_t:s0-s0:c0.c1023
Target Context                unconfined_u:object_r:var_run_t:s0
Target Objects                ovsdb-server.pid [ file ]
Source                        ovs-appctl
Source Path                   ovs-appctl
Port                         
Host                          localhost.localdomain
Source RPM Packages           
Target RPM Packages           
Policy RPM                    selinux-policy-3.13.1-152.fc23.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     localhost.localdomain
Platform                      Linux localhost.localdomain 4.2.3-300.fc23.x86_64
                              #1 SMP Mon Oct 5 15:42:54 UTC 2015 x86_64 x86_64
Alert Count                   1
First Seen                    2016-01-27 08:11:02 CST
Last Seen                     2016-01-27 08:11:02 CST
Local ID                      c605ec33-38c2-4da2-a705-e2f34268cfe6

Raw Audit Messages
type=AVC msg=audit(1453853462.215:579): avc:  denied  { read write } for  pid=5426 comm="ovs-appctl" name="ovsdb-server.pid" dev="tmpfs" ino=39174 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=0


Hash: ovs-appctl,openvswitch_t,var_run_t,file,read,write
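
Before loading a module built by audit2allow, it helps to see exactly which rule the denial implies and how wide it is. The Python below is an added example, not part of the original post or of any SELinux tool: it parses the raw AVC record above, prints the implied allow rule, and flags a generic target type and an object created outside the system service. The function name `review` and the `GENERIC_TYPES` list are assumptions made for this example.

```python
import re

# Constructed for this example: a short, non-exhaustive list of generic types
# shared by many services. A rule that targets one of them is broader than the
# single file named in the denial.
GENERIC_TYPES = {"var_run_t", "var_t", "var_lib_t", "tmp_t", "etc_t", "usr_t"}

# The raw AVC record quoted in the report above.
SAMPLE_AVC = (
    'type=AVC msg=audit(1453853462.215:579): avc:  denied  { read write } for  '
    'pid=5426 comm="ovs-appctl" name="ovsdb-server.pid" dev="tmpfs" ino=39174 '
    'scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=0'
)


def review(line):
    """Return (allow_rule, warnings) for one AVC denial, or None otherwise."""
    denied = re.search(r"avc:\s+denied\s+\{([^}]*)\}", line)
    if not denied:
        return None
    # key=value pairs; values are either quoted strings or runs of non-space.
    f = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    # A context is user:role:type[:level]; only user and type are needed here.
    s_user, _, s_type = f["scontext"].split(":")[:3]
    t_user, _, t_type = f["tcontext"].split(":")[:3]
    perms = " ".join(sorted(denied.group(1).split()))
    rule = f"allow {s_type} {t_type}:{f['tclass']} {{ {perms} }};"

    warnings = []
    if t_type in GENERIC_TYPES:
        warnings.append(
            f"{t_type} is a generic type: the rule covers every {f['tclass']} "
            f"carrying that label, not only {f.get('name', '?')}")
    if s_user == "system_u" and t_user != "system_u":
        warnings.append(
            f"object owned by SELinux user {t_user} but accessed by a system "
            "service: check how it was created and its label (ls -Z, "
            "restorecon -nv) before allowing")
    return rule, warnings


if __name__ == "__main__":
    rule, warnings = review(SAMPLE_AVC)
    print(rule)
    for w in warnings:
        print("WARNING:", w)
```

Both warnings fire for the record on this page: the target is `var_run_t`, and the pid file carries the `unconfined_u` user, which is what a file created from a root login shell looks like.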

+++++++++++++++++++++++++

# Fedora 22

    # dnf install openvswitch docker-io xterm wireshark-gnome ImageMagick tcl tcllib tk kernel-modules-extra util-linux

    # echo 'DOCKER_STORAGE_OPTIONS="-s overlay"' >> /etc/sysconfig/docker-storage
    # systemctl restart docker

----------
    Arch:
    # cp /usr/lib/systemd/system/docker.service /etc/systemd/system/docker.service
    ### add overlay to ExecStart
    ExecStart=/usr/bin/docker daemon -s overlay -H fd://
    ### reload systemd files and restart docker.service
    # systemctl daemon-reload
    # systemctl restart docker

    Check status with docker info:
    # docker info | grep Storage
    Storage Driver: overlay
----------

### Installing IMUNES

Check out the latest IMUNES source from the public GitHub
repository:

    # dnf install git

    # git clone

Now we need to install IMUNES and populate the virtual file system
with predefined and required data. To install imunes on the system
execute (as root):

    # cd imunes
    # make install

### Filesystem for virtual nodes

For the topologies to work a template filesystem must be created.
This is done by issuing the following command (as root):

    # imunes -p

Now the IMUNES GUI can be run just by typing the imunes command
in the terminal:

    # imunes

To execute experiments, run it as root.

For additional information visit our web site:
       