linux cp ovserwrite,(OK) running imunes in Fedora 23

[root@localhost ~]# systemctl start docker

[root@localhost ~]# /usr/share/openvswitch/scripts/ovs-ctl start

+++++++++++++++++++++++++++++++++++++++

[root@localhost imunes]# grep ovs-appctl /var/log/audit/audit.log | audit2allow -M mypol

[root@localhost imunes]# semodule -i mypol.pp

change the docker template uri to just "imunes/vroot:base" in prepare_vroot.sh

then

[root@localhost imunes]# imunes -p

[root@localhost imunes]# imunes

+++++++++++++++++++++++++++++++++++++++

ELinux is preventing ovs-appctl from 'read, write' accesses on the file ovsdb-server.pid.

*****  Plugin catchall (100. confidence) suggests   **************************

If 您确定应默认允许 ovs-appctl read write 访问 ovsdb-server.pid file。

Then 您应该将这个情况作为 bug 报告。

您可以生成本地策略模块允许这个访问。

Do

请执行以下命令此时允许这个访问：

# grep ovs-appctl /var/log/audit/audit.log | audit2allow -M mypol

# semodule -i mypol.pp

Additional Information:

Source Context                system_u:system_r:openvswitch_t:s0-s0:c0.c1023

Target Context                unconfined_u:object_r:var_run_t:s0

Target Objects                ovsdb-server.pid [ file ]

Source                        ovs-appctl

Source Path                   ovs-appctl

Port                          Host                          localhost.localdomain

Source RPM Packages

Target RPM Packages

Policy RPM                    selinux-policy-3.13.1-152.fc23.noarch

Selinux Enabled               True

Policy Type                   targeted

Enforcing Mode                Enforcing

Host Name                     localhost.localdomain

Platform                      Linux localhost.localdomain 4.2.3-300.fc23.x86_64

#1 SMP Mon Oct 5 15:42:54 UTC 2015 x86_64 x86_64

Alert Count                   1

First Seen                    2016-01-27 08:11:02 CST

Last Seen                     2016-01-27 08:11:02 CST

Local ID                      c605ec33-38c2-4da2-a705-e2f34268cfe6

Raw Audit Messages

type=AVC msg=audit(1453853462.215:579): avc:  denied  { read write } for  pid=5426 comm="ovs-appctl" name="ovsdb-server.pid" dev="tmpfs" ino=39174 scontext=system_u:system_r:openvswitch_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:var_run_t:s0 tclass=file permissive=0

Hash: ovs-appctl,openvswitch_t,var_run_t,file,read,write

+++++++++++++++++++++++++

# Fedora 22

# dnf install openvswitch docker-io xterm wireshark-gnome ImageMagick tcl tcllib tk kernel-modules-extra util-linux

# echo 'DOCKER_STORAGE_OPTIONS="-s overlay"' >> /etc/sysconfig/docker-storage

# systemctl restart docker

----------

Arch:

# cp /usr/lib/systemd/system/docker.service /etc/systemd/system/docker.service

### add overlay to ExecStart

ExecStart=/usr/bin/docker daemon -s overlay -H fd://

### reload systemd files and restart docker.service

# systemctl daemon-reload

# systemctl restart docker

Check status with docker info:

# docker info | grep Storage

Storage Driver: overlay

----------

### Installing IMUNES

Checkout the last fresh IMUNES source through the public github

repository:

# dnf install git

# git clone

Now we need to install IMUNES and populate the virtual file system

with predefined and required data. To install imunes on the system

execute (as root):

# cd imunes

# make install

### Filesystem for virtual nodes

For the topologies to work a template filesystem must be created.

This is done by issuing the following command (as root):

# imunes -p

Now the IMUNES GUI can be ran just by typing the imunes command

in the terminal:

# imunes

To execute experiments, run it as root.

For additional information visit our web site: