[root@localhost ~]# systemctl start docker
[root@localhost ~]# /usr/share/openvswitch/scripts/ovs-ctl start
+++++++++++++++++++++++++++++++++++++++
[root@localhost imunes]# grep ovs-appctl /var/log/audit/audit.log | audit2allow -M mypol
[root@localhost imunes]# semodule -i mypol.pp
Change the Docker template URI to just "imunes/vroot:base" in prepare_vroot.sh, then:
[root@localhost imunes]# imunes -p
[root@localhost imunes]# imunes
+++++++++++++++++++++++++++++++++++++++
SELinux is preventing ovs-appctl from 'read, write' accesses on the file ovsdb-server.pid.
***** Plugin catchall (100. confidence) suggests **************************
If 您确定应默认允许 ovs-appctl read write 访问 ovsdb-server.pid file。
Then 您应该将这个情况作为 bug 报告。
您可以生成本地策略模块允许这个访问。
Do
请执行以下命令此时允许这个访问:
# grep ovs-appctl /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:openvswitch_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:var_run_t:s0
Target Objects ovsdb-server.pid [ file ]
Source ovs-appctl
Source Path ovs-appctl
Port
Host localhost.localdomain
Source RPM Packages
Target RPM Packages
Policy RPM selinux-policy-3.13.1-152.fc23.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain 4.2.3-300.fc23.x86_64
#1 SMP Mon Oct 5 15:42:54 UTC 2015 x86_64 x86_64
Alert Count 1
First Seen 2016-01-27 08:11:02 CST
Last Seen 2016-01-27 08:11:02 CST
Local ID c605ec33-38c2-4da2-a705-e2f34268cfe6
Raw Audit Messages
type=AVC msg=audit(1453853462.215:579): avc: denied { read write } for pid=5426 comm="ovs-appctl" name="ovsdb-server.pid" dev="tmpfs" ino=39174 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=0
Hash: ovs-appctl,openvswitch_t,var_run_t,file,read,write
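Before loading a module built by audit2allow, it helps to see exactly which rule it will contain. The following is an added example (not part of the original notes or of IMUNES): it parses the raw AVC record shown above and prints the allow rule in the form audit2allow writes to mypol.te, marking rules whose target is a broad base type. The function names and the GENERIC_TYPES list are assumptions chosen for illustration.

```python
import re

# Raw AVC record from the alert above (as shown on this page).
SAMPLE_AVC = (
    'type=AVC msg=audit(1453853462.215:579): avc: denied { read write } for '
    'pid=5426 comm="ovs-appctl" name="ovsdb-server.pid" dev="tmpfs" ino=39174 '
    'scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 '
    'tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=0'
)

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}.*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

# Assumption: an illustrative list of broad base types, not taken from the page.
GENERIC_TYPES = {"var_run_t", "var_t", "var_lib_t", "tmp_t", "etc_t", "usr_t", "default_t"}

def parse_avc(line):
    """Return (source_type, target_type, class, perms) or None for non-AVC lines."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    # A context is user:role:type:level; the type is always the third field.
    src = m.group("scon").split(":")[2]
    tgt = m.group("tcon").split(":")[2]
    return src, tgt, m.group("tclass"), set(m.group("perms").split())

def allow_rules(lines):
    """Merge denials into (rule_text, targets_generic_type) pairs."""
    merged = {}
    for line in lines:
        parsed = parse_avc(line)
        if parsed:
            src, tgt, cls, perms = parsed
            merged.setdefault((src, tgt, cls), set()).update(perms)
    rules = []
    for (src, tgt, cls), perms in sorted(merged.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append((f"allow {src} {tgt}:{cls} {perm_text};", tgt in GENERIC_TYPES))
    return rules

if __name__ == "__main__":
    for rule, generic in allow_rules([SAMPLE_AVC]):
        print(rule)
        if generic:
            print("  # applies to every object of this class with that label")
```

Feeding it the same lines that `grep ovs-appctl /var/log/audit/audit.log` selects shows the full rule set before `semodule -i` is run.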
+++++++++++++++++++++++++
# Fedora 22
# dnf install openvswitch docker-io xterm wireshark-gnome ImageMagick tcl tcllib tk kernel-modules-extra util-linux
# echo 'DOCKER_STORAGE_OPTIONS="-s overlay"' >> /etc/sysconfig/docker-storage
# systemctl restart docker
----------
Arch:
# cp /usr/lib/systemd/system/docker.service /etc/systemd/system/docker.service
### add overlay to ExecStart
ExecStart=/usr/bin/docker daemon -s overlay -H fd://
### reload systemd files and restart docker.service
# systemctl daemon-reload
# systemctl restart docker
Check status with docker info:
# docker info | grep Storage
Storage Driver: overlay
----------
### Installing IMUNES
Check out the latest IMUNES source from the public GitHub
repository:
# dnf install git
# git clone
Now we need to install IMUNES and populate the virtual file system
with predefined and required data. To install imunes on the system
execute (as root):
# cd imunes
# make install
### Filesystem for virtual nodes
For the topologies to work a template filesystem must be created.
This is done by issuing the following command (as root):
# imunes -p
Now the IMUNES GUI can be run just by typing the imunes command
in the terminal:
# imunes
To execute experiments, run it as root.
For additional information visit our web site: