问题
I have an R package that sends out a job to the OpenMPI cluster I have running by means of the Rmpi package. All works as expected within an R session run from the console. However, when I try to execute the relevant function with from my OpenCPU server like this (details changed to protect the innocent):
curl -XPOST http://99.999.999.99/ocpu/library/MyPackage/R/my_cluster_function
I get this error:
R call failed: process died.
(Other, non-cluster calling functions within the package work as expected via OpenCPU). I noticed in /var/log/kern.log
a variety of requests being DENIED
by apparmor, and I have been able to resolve most of them by adding entries into /etc/apparmor.d/opencpu.d/custom
to allow OpenMPI to access the files it needs. However, I cannot resolve these two issues (again, IP address changed) related to "open" requests for location "/"
:
Oct 26 03:49:58 99.999.999.99 kernel: [142952.551234] type=1400 audit(1414295398.849:957): apparmor="DENIED" operation="open" profile="opencpu-main" name="/" pid=22486 comm="orted" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
Oct 26 03:49:58 99.999.999.99 kernel: [142952.556422] type=1400 audit(1414295398.857:958): apparmor="DENIED" operation="open" profile="opencpu-main" name="/" pid=22485 comm="apache2" requested_mask="r" denied_mask="r" fsuid=33 ouid=0
Adding this to my apparmor rules did not help:
/* r,
Two questions:
- Why is opencpu trying to read from my root level directory (or does this mean something else)?
- More urgently, how can I resolve this apparmor issue?
Thanks.
回答1:
You might need to add both apparmor rules
/ r,
/* r,
The first rule allows directory listing of /
and the second rule allows read access to any file under /
.
I don't understand why Rmpi
wants to read /
or why were you getting process died
error instead of access denied. Are you sure the problem is completely resolved?
来源:https://stackoverflow.com/questions/26569723/rmpi-opencpu-and-apparmor-denied-request-for