[Users] could not add local storage domain

Cristian Falcas cristi.falcas at gmail.com
Sun Nov 18 09:59:23 UTC 2012


I opened https://bugzilla.redhat.com/show_bug.cgi?id=877715 on vdsm


On Sun, Nov 18, 2012 at 11:44 AM, Jorick Astrego <jorick at netbulae.eu> wrote:

>  Cristian,
>
> This is the link for bug reports:
>
> https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt
>
> Regards,
>
> Jorick
>
>
> On 11/17/2012 06:16 PM, Cristian Falcas wrote:
>
> Please let me know how to do this, or if the info below is enough.
>
> In the logs I found this when trying to activate the storage:
>
> Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123 [13385]: open error -13 /rhev/data-center/mnt/_media_ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids
> Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123 [13385]: s1956 open_disk /rhev/data-center/mnt/_media_ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids error -13
> Nov 17 16:57:59 localhost setroubleshoot: SELinux is preventing /usr/sbin/sanlock from search access on the directory Storage. For complete SELinux messages. run sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc
> Nov 17 16:58:01 localhost vdsm TaskManager.Task ERROR Task=`eb4b34ff-04a8-4d12-9338-ebce08f554ca`::Unexpected error
>
> Running the sealert command :
>
>
> [root@localhost log]# sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc
> SELinux is preventing /usr/sbin/sanlock from search access on the
> directory Storage.
>
> *****  Plugin catchall (100. confidence) suggests
> ***************************
>
> If you believe that sanlock should be allowed search access on the Storage
> directory by default.
> Then you should report this as a bug.
> You can generate a local policy module to allow this access.
> Do
> allow this access for now by executing:
> # grep sanlock /var/log/audit/audit.log | audit2allow -M mypol
> # semodule -i mypol.pp
>
>
> Additional Information:
> Source Context                system_u:system_r:sanlock_t:s0-s0:c0.c1023
> Target Context                unconfined_u:object_r:public_content_rw_t:s0
> Target Objects                Storage [ dir ]
> Source                        sanlock
> Source Path                   /usr/sbin/sanlock
> Port                          <Unknown>
> Host                          localhost.localdomain
> Source RPM Packages           sanlock-2.4-2.fc17.x86_64
> Target RPM Packages
> Policy RPM                    selinux-policy-3.10.0-159.fc17.noarch
> Selinux Enabled               True
> Policy Type                   targeted
> Enforcing Mode                Enforcing
> Host Name                     localhost.localdomain
> Platform                      Linux localhost.localdomain
> 3.6.6-1.fc17.x86_64 #1
>                               SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 x86_64
> Alert Count                   1980
> First Seen                    2012-11-16 11:03:19 EET
> Last Seen                     2012-11-17 16:58:18 EET
> Local ID                      026bd86b-153c-403a-ab2d-043e381be6cc
>
> Raw Audit Messages
> type=AVC msg=audit(1353164298.898:5507): avc:  denied  { search } for
> pid=13449 comm="sanlock" name="Storage" dev="dm-12" ino=4456450
> scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023
> tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir
>
>
> type=SYSCALL msg=audit(1353164298.898:5507): arch=x86_64 syscall=open
> success=no exit=EACCES a0=7f50b80009c8 a1=105002 a2=0 a3=0 items=0 ppid=1
> pid=13449 auid=4294967295 uid=179 gid=179 euid=179 suid=179 fsuid=179
> egid=179 sgid=179 fsgid=179 tty=(none) ses=4294967295 comm=sanlock
> exe=/usr/sbin/sanlock subj=system_u:system_r:sanlock_t:s0-s0:c0.c1023
> key=(null)
>
> Hash: sanlock,sanlock_t,public_content_rw_t,dir,search
>
> audit2allow
>
> #============= sanlock_t ==============
> allow sanlock_t public_content_rw_t:dir search;
>
> audit2allow -R
>
> #============= sanlock_t ==============
> allow sanlock_t public_content_rw_t:dir search;
>
>
> On Fri, Nov 16, 2012 at 7:51 PM, Federico Simoncelli <fsimonce at redhat.com> wrote:
>
>> ----- Original Message -----
>> > From: "Cristian Falcas" <cristi.falcas at gmail.com>
>> > To: "Federico Simoncelli" <fsimonce at redhat.com>
>> > Cc: "Jorick Astrego" <jorick at netbulae.eu>, users at ovirt.org
>> > Sent: Friday, November 16, 2012 6:47:50 PM
>> > Subject: Re: [Users] could not add local storage domain
>> >
>>  > it's working for me with the latest files.
>> >
>> > Current issues:
>> > - You need to create the db user as superuser
>> > - disable selinux.
>>
>>  Can you grab the relevant AVC errors and report them in a bug?
>>
>> Thanks,
>> --
>> Federico
>>
>
>
>
> --
> Met vriendelijke groet,
>
> Jorick Astrego
>
> Netbulae B.V.
> Staalsteden 4-13
> 7547 TA Enschede
>
> Tel. +31 (0)53 - 20 30 270
>
> Email: jorick at netbulae.eu
> Site:  http://www.netbulae.eu
>
>
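
An added example, not part of the original thread: a small Python parser for the raw AVC record quoted above. It reduces denials to the same `allow` rule that `audit2allow` printed, so the rule can be reviewed before a module is built, since `grep sanlock /var/log/audit/audit.log | audit2allow -M mypol` feeds every sanlock denial in the log into the module. The function names and the duplicated second record in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the AVC record quoted in the thread (wrapped as in the
# message), one SYSCALL line, and a duplicate AVC record to show merging.
SAMPLE = '''\
type=AVC msg=audit(1353164298.898:5507): avc:  denied  { search } for
pid=13449 comm="sanlock" name="Storage" dev="dm-12" ino=4456450
scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1353164298.898:5507): arch=x86_64 syscall=open
type=AVC msg=audit(1353164299.100:5508): avc:  denied  { search } for
pid=13449 comm="sanlock" name="Storage" dev="dm-12" ino=4456450
scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir
'''

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{([^}]*)\}.*?'
    r'scontext=(\S+).*?tcontext=(\S+).*?tclass=(\S+)', re.S)

def selinux_type(context):
    """Return the type, the third colon-separated field of a context."""
    return context.split(':')[2]

def parse_denials(text):
    """Yield (source_type, target_type, class, perms) per AVC denial."""
    # Records start at 'type='; split there so wrapped lines stay together.
    for record in re.split(r'(?m)^(?=type=)', text):
        if not record.startswith('type=AVC'):
            continue
        m = AVC_RE.search(record.replace('\n', ' '))
        if m:
            perms, scon, tcon, tclass = m.groups()
            yield selinux_type(scon), selinux_type(tcon), tclass, perms.split()

def allow_rules(text):
    """Merge denials into sorted, de-duplicated 'allow' rule strings."""
    merged = defaultdict(set)
    for src, tgt, tclass, perms in parse_denials(text):
        merged[(src, tgt, tclass)].update(perms)
    rules = []
    for (src, tgt, tclass), perms in sorted(merged.items()):
        p = sorted(perms)
        body = p[0] if len(p) == 1 else '{ ' + ' '.join(p) + ' }'
        rules.append(f'allow {src} {tgt}:{tclass} {body};')
    return rules

if __name__ == '__main__':
    print('\n'.join(allow_rules(SAMPLE)))
```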