Rmpi,OpenCPU和Apparmor:拒绝请求"/". [英] Rmpi, OpenCPU, and Apparmor: DENIED request for "/"
问题描述
我有一个R软件包,可以通过Rmpi软件包将作业发送到我正在运行的OpenMPI集群. R会话中的所有工作都可以从控制台运行.但是,当我尝试从这样的OpenCPU服务器执行相关功能时(更改了细节以保护无辜的人):
I have an R package that sends out a job to the OpenMPI cluster I have running by means of the Rmpi package. All works as expected within an R session run from the console. However, when I try to execute the relevant function with from my OpenCPU server like this (details changed to protect the innocent):
curl -XPOST http://99.999.999.99/ocpu/library/MyPackage/R/my_cluster_function
我收到此错误:
R call failed: process died.
(程序包中的其他非集群调用功能可以通过OpenCPU正常工作).我在/var/log/kern.log中注意到apparmor正在执行DENIED的各种请求,通过将条目添加到/etc/apparmor.d/opencpu.d/custom以允许OpenMPI访问所需的文件,我已经能够解决大多数请求.但是,我无法解决与位置"/"的打开"请求有关的两个问题(同样,IP地址已更改):
(Other, non-cluster calling functions within the package work as expected via OpenCPU). I noticed in /var/log/kern.log a variety of requests being DENIED by apparmor, and I have been able to resolve most of them by adding entries into /etc/apparmor.d/opencpu.d/custom to allow OpenMPI to access the files it needs. However, I cannot resolve these two issues (again, IP address changed) related to "open" requests for location "/":
Oct 26 03:49:58 99.999.999.99 kernel: [142952.551234] type=1400 audit(1414295398.849:957): apparmor="DENIED" operation="open" profile="opencpu-main" name="/" pid=22486 comm="orted" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
Oct 26 03:49:58 99.999.999.99 kernel: [142952.556422] type=1400 audit(1414295398.857:958): apparmor="DENIED" operation="open" profile="opencpu-main" name="/" pid=22485 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
将此内容添加到我的保护者规则中并没有帮助:
Adding this to my apparmor rules did not help:
/* r,
两个问题:
- 为什么opencpu试图从我的根目录中读取(或者这意味着其他意思)?
- 更紧急的是,我该如何解决这个保障问题?
谢谢.
推荐答案
您可能需要同时添加两个apparmor规则
You might need to add both apparmor rules
/ r,
/* r,
第一个规则允许/的目录列表,第二个规则允许对/下的任何文件的读取访问.
The first rule allows directory listing of / and the second rule allows read access to any file under /.
我不明白为什么Rmpi要读取/或为什么会出现process died错误而不是拒绝访问.您确定问题已完全解决吗?
I don't understand why Rmpi wants to read / or why were you getting process died error instead of access denied. Are you sure the problem is completely resolved?
这篇关于Rmpi,OpenCPU和Apparmor:拒绝请求"/".的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
