I opened <a href="https://bugzilla.redhat.com/show_bug.cgi?id=877715">https://bugzilla.redhat.com/show_bug.cgi?id=877715</a> on vdsm<br><div class="gmail_extra"><br><br><div class="gmail_quote">On Sun, Nov 18, 2012 at 11:44 AM, Jorick Astrego <span dir="ltr"><<a href="mailto:jorick@netbulae.eu" target="_blank">jorick@netbulae.eu</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
<div>Cristian, <br>
<br>
This is the link for bug reports:<br>
<br>
<a href="https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt" target="_blank">https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt</a><br>
<br>
Regards,<br>
<br>
Jorick<div><div class="h5"><br>
<br>
On 11/17/2012 06:16 PM, Cristian Falcas wrote:<br>
</div></div></div><div><div class="h5">
<blockquote type="cite">Please let me know how to do this, or if it's enough
the bellow info.<br>
<br>
In the logs I found this when trying to activate the storage:<br>
<br>
Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200
29123 [13385]: open error -13 /rhev/data-center/mnt/_media_
<div class="gmail_extra">
ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids<br>
Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17
16:57:58+0200 29123 [13385]: s1956 open_disk
/rhev/data-center/mnt/_media_ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids
error -13<br>
Nov 17 16:57:59 localhost setroubleshoot: SELinux is preventing
/usr/sbin/sanlock from search access on the directory Storage.
For complete SELinux messages. run sealert -l
026bd86b-153c-403a-ab2d-043e381be6cc<br>
Nov 17 16:58:01 localhost vdsm TaskManager.Task ERROR
Task=`eb4b34ff-04a8-4d12-9338-ebce08f554ca`::Unexpected error<br>
<br>
Running the sealert command :<br>
<br>
<br>
root@localhost log]# sealert -l
026bd86b-153c-403a-ab2d-043e381be6cc<br>
SELinux is preventing /usr/sbin/sanlock from search access on
the directory Storage.<br>
<br>
***** Plugin catchall (100. confidence) suggests
***************************<br>
<br>
If you believe that sanlock should be allowed search access on
the Storage directory by default.<br>
Then you should report this as a bug.<br>
You can generate a local policy module to allow this access.<br>
Do<br>
allow this access for now by executing:<br>
# grep sanlock /var/log/audit/audit.log | audit2allow -M mypol<br>
# semodule -i mypol.pp<br>
<br>
<br>
Additional Information:<br>
Source Context
system_u:system_r:sanlock_t:s0-s0:c0.c1023<br>
Target Context
unconfined_u:object_r:public_content_rw_t:s0<br>
Target Objects Storage [ dir ]<br>
Source sanlock<br>
Source Path /usr/sbin/sanlock<br>
Port <Unknown><br>
Host localhost.localdomain<br>
Source RPM Packages sanlock-2.4-2.fc17.x86_64<br>
Target RPM Packages <br>
Policy RPM
selinux-policy-3.10.0-159.fc17.noarch<br>
Selinux Enabled True<br>
Policy Type targeted<br>
Enforcing Mode Enforcing<br>
Host Name localhost.localdomain<br>
Platform Linux localhost.localdomain
3.6.6-1.fc17.x86_64 #1<br>
SMP Mon Nov 5 21:59:35 UTC 2012
x86_64 x86_64<br>
Alert Count 1980<br>
First Seen 2012-11-16 11:03:19 EET<br>
Last Seen 2012-11-17 16:58:18 EET<br>
Local ID
026bd86b-153c-403a-ab2d-043e381be6cc<br>
<br>
Raw Audit Messages<br>
type=AVC msg=audit(1353164298.898:5507): avc: denied { search
} for pid=13449 comm="sanlock" name="Storage" dev="dm-12"
ino=4456450 scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir<br>
<br>
<br>
type=SYSCALL msg=audit(1353164298.898:5507): arch=x86_64
syscall=open success=no exit=EACCES a0=7f50b80009c8 a1=105002
a2=0 a3=0 items=0 ppid=1 pid=13449 auid=4294967295 uid=179
gid=179 euid=179 suid=179 fsuid=179 egid=179 sgid=179 fsgid=179
tty=(none) ses=4294967295 comm=sanlock exe=/usr/sbin/sanlock
subj=system_u:system_r:sanlock_t:s0-s0:c0.c1023 key=(null)<br>
<br>
Hash: sanlock,sanlock_t,public_content_rw_t,dir,search<br>
<br>
audit2allow<br>
<br>
#============= sanlock_t ==============<br>
allow sanlock_t public_content_rw_t:dir search;<br>
<br>
audit2allow -R<br>
<br>
#============= sanlock_t ==============<br>
allow sanlock_t public_content_rw_t:dir search;</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Nov 16, 2012 at 7:51 PM,
Federico Simoncelli <span dir="ltr"><<a href="mailto:fsimonce@redhat.com" target="_blank">fsimonce@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div>----- Original Message -----<br>
> From: "Cristian Falcas" <<a href="mailto:cristi.falcas@gmail.com" target="_blank">cristi.falcas@gmail.com</a>><br>
> To: "Federico Simoncelli" <<a href="mailto:fsimonce@redhat.com" target="_blank">fsimonce@redhat.com</a>><br>
> Cc: "Jorick Astrego" <<a href="mailto:jorick@netbulae.eu" target="_blank">jorick@netbulae.eu</a>>,
<a href="mailto:users@ovirt.org" target="_blank">users@ovirt.org</a><br>
> Sent: Friday, November 16, 2012 6:47:50 PM<br>
> Subject: Re: [Users] could not add local storage
domain<br>
><br>
</div>
<div>> it's working for me with the latest
files.<br>
><br>
> Current issues:<br>
> - You need to create the db user as superuser<br>
> - disable selinux.<br>
<br>
</div>
Can you grab the relevant AVC errors and report them in a
bug?<br>
<br>
Thanks,<br>
<span><font color="#888888">--<br>
Federico<br>
</font></span></blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
</div></div><pre cols="72">--
Met vriendelijke groet,
Jorick Astrego
Netbulae B.V.
Staalsteden 4-13
7547 TA Enschede
Tel. <a href="tel:%2B31%20%280%2953%20-%2020%2030%20270" value="+31532030270" target="_blank">+31 (0)53 - 20 30 270</a>
Email: <a href="mailto:jorick@netbulae.eu" target="_blank">jorick@netbulae.eu</a>
Site: <a href="http://www.netbulae.eu" target="_blank">http://www.netbulae.eu</a></pre>
</div>
</blockquote></div><br></div>