
Re: [HTCondor-users] Communication error when trying to add second machine



> From: "Hughes, Zachary" <zdhughes@xxxxxxxxx>
> Date: 08/04/2016 06:33 PM

> I get SELinux Alerts:
>
> ###########################################################################
> SELinux is preventing /usr/bin/bash from write access on the file
> ip_local_port_range.
>
> *****  Plugin catchall (100. confidence) suggests   **************************

Howdy!

CentOS / Red Hat 7 enables SELinux by default, so lots of people are
seeing these sorts of things in many different applications - so much
for the strategy of ignoring SELinux and hoping it'll go away.

This one is triggered by the /usr/libexec/condor/linux_kernel_tuning script
which was introduced in 8.4. This adjusts parameters around the Linux kernel
to optimize the scalability and performance of the HTCondor environment.
You'll see a log of its activity in /etc/sysctl.d/99-htcondor.conf.

If you want to set these parameters manually to avoid SELinux tackles, you
can update your config to set ENABLE_KERNEL_TUNING to false, and then write
a sysctl.conf to set the parameters within the framework of the sysctl.d
directory which will have the proper SELinux permissions.

You might first want to try adding the appropriate context to the
linux_kernel_tuning script to allow it to issue the required sysctl calls -
this will probably be the solution implemented by the CHTC as SELinux
snarls are combed out.

        -Michael Pelletier.
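
Added example, not part of the original message or of HTCondor: a shell sketch that pulls the denied /proc/sys writes out of AVC records and lists the tunables that no file in a sysctl.d directory sets yet, as a starting point for the manual route described above. The function names, the sample records, their SELinux types and the second tunable are constructed for illustration.

```shell
#!/bin/sh
# Constructed AVC records in audit.log format; pids, inodes, SELinux types and
# the somaxconn entry are illustrative and do not come from the thread.
sample_avc() {
cat <<'EOF'
type=AVC msg=audit(1470350001.101:501): avc:  denied  { write } for  pid=2101 comm="bash" name="ip_local_port_range" dev="proc" ino=9001 scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
type=AVC msg=audit(1470350001.102:502): avc:  denied  { write } for  pid=2101 comm="bash" name="somaxconn" dev="proc" ino=9002 scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
type=AVC msg=audit(1470350061.101:510): avc:  denied  { write } for  pid=2188 comm="bash" name="ip_local_port_range" dev="proc" ino=9001 scontext=system_u:system_r:condor_master_t:s0 tcontext=system_u:object_r:sysctl_net_t:s0 tclass=file
type=AVC msg=audit(1470350070.555:511): avc:  denied  { read } for  pid=3001 comm="httpd" name="index.html" dev="dm-0" ino=7001 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
EOF
}

# Read AVC records on stdin; print "comm name" once for each denied write to a
# file on the proc filesystem, which is where sysctl tunables live.
denied_proc_writes() {
    awk '
    /avc:/ && /denied/ && /dev="proc"/ {
        perm = ""; comm = ""; name = ""
        if (match($0, /[{][^}]*[}]/))  perm = substr($0, RSTART + 2, RLENGTH - 4)
        if (match($0, /comm="[^"]*"/)) comm = substr($0, RSTART + 6, RLENGTH - 7)
        if (match($0, / name="[^"]*"/)) name = substr($0, RSTART + 7, RLENGTH - 8)
        if (perm !~ /write/) next
        key = comm " " name
        if (!(key in seen)) { seen[key] = 1; print key }
    }'
}

# Read AVC records on stdin; print the denied tunables that no *.conf file in
# directory $1 assigns. A sysctl key ends in the /proc/sys file name,
# for example net.ipv4.ip_local_port_range.
not_in_sysctl_d() {
    dir=$1
    denied_proc_writes | while read -r comm name; do
        if ! grep -Eqs "^[[:space:]]*[A-Za-z0-9_.]*[.]$name[[:space:]]*=" "$dir"/*.conf; then
            echo "$name"
        fi
    done
}

# Stand-alone run on the constructed sample.
sample_avc | denied_proc_writes
```

On a live host, the output of `ausearch -m avc --raw` can be piped in place of `sample_avc`, with `/etc/sysctl.d` as the directory argument to `not_in_sysctl_d`.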