[ovirt-users] ovirt and mixed selinux

Yanir Quinn yquinn at redhat.com
Sun Jul 30 08:46:28 UTC 2017


As far as it goes for RHEV:

- Virtual machine migration will fail if migrating from a hypervisor with
SELinux enabled to one with SELinux disabled
- A virtual machine previously started on a hypervisor with SELinux enabled
will not start on a hypervisor with SELinux disabled.

RHEV manages the SELinux configuration on RHEV Hypervisors in a persistent
state; SELinux is enabled by default.

You'll need to run sestatus as a superuser on each host in the cluster and
observe the output. Evaluate each host in the cluster to make sure the
setting for "SELinux status" is consistent.

Regards,
Yanir Quinn

On Sat, Jul 29, 2017 at 12:21 AM, Bill James <bill.james at j2.com> wrote:

> I was hoping to migrate my systems to using selinux gradually.
> I added 3 new nodes with selinux in permissive mode.
> Migration fails to any of the previous hosts that currently have selinux
> disabled.
> Is it an all or nothing deal? Obviously not easy to reboot all nodes at
> once.
>
> 2017-07-28 09:35:43,616 ERROR (migsrc/8c566813) [virt.vm]
> (vmId='8c566813-4bee-4f04-be23-c9fc10e1e1f2') unsupported configuration:
> Unable to find security driver for model selinux (migration:265)
> 2017-07-28 09:35:43,641 ERROR (migsrc/8c566813) [virt.vm]
> (vmId='8c566813-4bee-4f04-be23-c9fc10e1e1f2') Failed to migrate
> (migration:405)
> Traceback (most recent call last):
>
>
> ovirt-engine-4.1.0.4-1.el7.centos.noarch
> libselinux-utils-2.5-6.el7.x86_64
>
>
> related: http://lists.ovirt.org/pipermail/users/2016-October/076878.html
>
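
The per-host sestatus comparison suggested in the reply above, as an added example that is not part of the original thread. The host names and captured sestatus output are constructed sample data, and the ssh loop in the comment is an assumed way of collecting the output. A permissive host reports "SELinux status: enabled", so the mismatch that matters is enabled versus disabled.

```shell
#!/bin/sh
# Compare the "SELinux status" field of sestatus across cluster hosts.

# Constructed, abridged sestatus output (real output has more fields).
SAMPLE_PERMISSIVE='SELinux status:                 enabled
Current mode:                   permissive'
SAMPLE_DISABLED='SELinux status:                 disabled'

# Print the value of the "SELinux status:" line from sestatus output on stdin.
selinux_status() {
    awk -F: '/^SELinux status:/ { gsub(/[ \t]+/, "", $2); print $2; exit }'
}

# Read "host status" lines on stdin and print the hosts grouped by status.
# Returns 0 if all hosts agree, 1 if the cluster is mixed, 2 if a host
# produced no status (for example, sestatus could not be run there).
cluster_consistent() {
    awk '
        NF == 0 { next }
        NF < 2  { missing = 1; print "no status: " $1; next }
        { count[$2]++; hosts[$2] = hosts[$2] " " $1 }
        END {
            if (missing) exit 2
            n = 0
            for (s in count) { n++; print s ":" hosts[s] }
            exit (n == 1 ? 0 : 1)
        }'
}

# On a live cluster the pairs could be collected like this (assumes root ssh
# access and a hosts.txt file, neither of which comes from the thread):
#   while read -r h; do
#       printf '%s %s\n' "$h" "$(ssh -n "root@$h" sestatus | selinux_status)"
#   done < hosts.txt | cluster_consistent

# Offline demonstration with the constructed samples: one new permissive
# node and one old node with SELinux disabled, as in the question.
demo() {
    {
        printf 'new-node1 %s\n' "$(printf '%s\n' "$SAMPLE_PERMISSIVE" | selinux_status)"
        printf 'old-node1 %s\n' "$(printf '%s\n' "$SAMPLE_DISABLED" | selinux_status)"
    } | cluster_consistent
}

demo || echo "cluster has mixed or missing SELinux status"
```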