SDC (scini) driver configuration for SELinux
SELinux may prevent the scini driver from starting on RHEL-based SDC nodes.
About this task
If SELinux is enabled and enforced, it can prevent the SDC driver (scini) from starting on RHEL-based nodes.
NOTE: To remove the SELinux module, run:
semodule -r scini
Perform the following procedure to prevent this problem:
Steps
-
On the SDC, use a text editor to create two text files, in any directory:
-
Create a file called
scini.fe, and add the following text to it:
/usr/bin/emc/scaleio/(.*).ko system_u:object_r:modules_object_t:s0
/bin/emc/scaleio/(.*).ko system_u:object_r:modules_object_t:s0
-
Create a file called
scini.te, and add the following text to it:
module scini 1.0;
require {
type insmod_t;
type modules_object_t;
class system module_load;
}
-
Build and install the SELinux module, by running the following commands:
checkmodule -M -m scini.te -o scini.mod
semodule_package -o scini.pp -m scini.mod -f scini.fe
semodule -i scini.pp
restorecon -R -v /bin/emc/scaleio/
-
To check the current configuration, run the command:
Output similar to the following should be displayed, showing that
SELinux status is "enabled", and
Current mode is "enforcing":
SELinus status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
-
To check that the scini module is configured in SELinux, run the command:
semodule --list=full | grep scini
Output similar to the following should be displayed:
400 scini pp
-
Start the scini service: