[ovirt-users] Snapshot removal vs selinux enforced
Lionel Caignec
caignec at cines.fr
Mon Sep 25 14:46:59 UTC 2017
I reply myself if it can help somemone.
I found a solution with audit2allow/audit2why creating a policy containing this :
type systemd_machined_t;
type svirt_t;
type fixed_disk_device_t;
class blk_file write;
class dir search;
}
It seems to work, and i can keep my host in selinux enforced.
----- Mail original -----
De: "Lionel Caignec" <caignec at cines.fr>
À: "users" <users at ovirt.org>
Envoyé: Lundi 25 Septembre 2017 15:37:16
Objet: [ovirt-users] Snapshot removal vs selinux enforced
Hi,
i have a problem with selinux enforced.
When i tried to live remove a snapshot the operation failed . After some headache i found the problem source : selinux.
When i "setenfore 0" the removal task work, when i "setenforce 1" removal task failed.
log from audit.log:
vc: denied {write} for pid = 28360 tmptext = system_u: object_r : fixed_disk_device_t: s0 tclass = blk_file
I'm with RHEL 7.4 and ovirt 4.1, is it some specific configuration to do?.
Thanks for help.
_______________________________________________
Users mailing list
Users at ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
More information about the Users
mailing list