Hi Orion,

On May 12, 2011, at 23:31 , Orion Poplawski wrote:

> On 05/12/2011 03:17 PM, Orion Poplawski wrote:
>> On 05/12/2011 03:04 PM, Orion Poplawski wrote:
>>> I'm just trying out openafs on SL6 and ran into the following starting the afs
>>> daemon:
>>> 
>>> Starting AFS client.....
>>> afsd: some file missing or bad in /usr/vice/etc
>> 
>> Turns out this was caused by following the quick start guide and linking
>> /usr/afs/etc/{CellServDB,ThisCell} to /usr/vice/etc. Just copying the files
>> allows everything to work with SELinux enforcing.
>> 
> 
> Spoke too soon.  Lots of denials on the server side of things.  Is there any expectation that you can run openafs in enforcing mode?


the client will work if everything is labelled correctly, and we took care that this is true after installation of the packages, no matter whether under anaconda or later from yum. That's also why we changed the default cache location.

On the server side, this work hasn't been done yet. In addition, the policy is not quite complete and will prevent the fileserver from running successfully even if all labels are what restorecon will make them. There's at least a problem with the fssync.sock, but maybe more.

The fileserver *should* work with SELinux in enforcing mode, as long as the init script has type unconfined_exec_t.
But of course that's cheeting.

In any case, please keep in mind that the OpenAFS in SL6 is still a prerelease, though a relatively advanced and mature one. But if you want to run a production server, I recommend SL5 for the time being. More feedback on the SL6 one is of course very welcome.

Best regards,
	Stephan

-- 
Stephan Wiesand
DESY -DV-
Platanenenallee 6
15738 Zeuthen, Germany