<p dir="ltr">I'll try when i'll be back to work i.e. 13 hours from now...</p>
<div class="gmail_quote">Pe 12.12.2013 15:16, "Alon Bar-Lev" <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>> a scris:<br type="attribution"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<br>
<br>
----- Original Message -----<br>
> From: "Gabi C" <<a href="mailto:gabicr@gmail.com">gabicr@gmail.com</a>><br>
> To: "Alon Bar-Lev" <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>><br>
> Cc: "Dan Kenigsberg" <<a href="mailto:danken@redhat.com">danken@redhat.com</a>>, <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> Sent: Thursday, December 12, 2013 3:13:43 PM<br>
> Subject: Re: [Users] SSH MAC corrupt<br>
><br>
> I've tried and I' logged in!!<br>
><br>
><br>
><br>
> sestatus<br>
> SELinux status: enabled<br>
> SELinuxfs mount: /sys/fs/selinux<br>
> SELinux root directory: /etc/selinux<br>
> Loaded policy name: targeted<br>
> Current mode: permissive<br>
> Mode from config file: enforcing<br>
> Policy MLS status: enabled<br>
> Policy deny_unknown status: allowed<br>
> Max kernel policy version: 28<br>
><br>
><br>
><br>
><br>
> Still get those 'denied' in audit.log - node!<br>
<br>
Because you are at permissive mode.<br>
<br>
Now, what do you get in engine.log in this state when you trying to add node via webadmin?<br>
<br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Thu, Dec 12, 2013 at 2:35 PM, Alon Bar-Lev <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>> wrote:<br>
><br>
> ><br>
> ><br>
> > ----- Original Message -----<br>
> > > From: "Gabi C" <<a href="mailto:gabicr@gmail.com">gabicr@gmail.com</a>><br>
> > > To: "Dan Kenigsberg" <<a href="mailto:danken@redhat.com">danken@redhat.com</a>><br>
> > > Cc: <a href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> > > Sent: Thursday, December 12, 2013 2:32:48 PM<br>
> > > Subject: Re: [Users] SSH MAC corrupt<br>
> > ><br>
> > > I confirm that manual ssh works both ways.<br>
> > ><br>
> > > I'll try to sniff.<br>
> ><br>
> > please try from engine:<br>
> ><br>
> > ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa root@node<br>
> ><br>
> > this is similar to what engine is trying to do.<br>
> ><br>
> > but as far as I see, the problem is within the selinux policy.<br>
> ><br>
> > ><br>
> > ><br>
> > > On Thu, Dec 12, 2013 at 2:22 PM, Dan Kenigsberg < <a href="mailto:danken@redhat.com">danken@redhat.com</a> ><br>
> > wrote:<br>
> > ><br>
> > ><br>
> > ><br>
> > > On Thu, Dec 12, 2013 at 11:43:10AM +0200, Gabi C wrote:<br>
> > > > Hello!<br>
> > > ><br>
> > > > 1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine<br>
> > - on<br>
> > > > esxi 5.5 host - when I try to add ovirt node hypervisor<br>
> > > > 3.0.3-1.1.fc19,after "setenforce 0" on node, of course, this fails<br>
> > with:<br>
> > > ><br>
> > > > /var/log/secure<br>
> > > ><br>
> > > ><br>
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.<br>
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt<br>
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup<br>
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup<br>
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session<br>
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session<br>
> > closed<br>
> > > > for user root<br>
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials<br>
> > > > Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad<br>
> > file<br>
> > > > descriptor<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > and<br>
> > > ><br>
> > > > /var/log/audit/audit.log<br>
> > > ><br>
> > > > type=AVC msg=audit(1386840940.650:589): avc: denied { sigchld } for<br>
> > > > pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0<br>
> > > > tcontext=system_u:system_r:initrc_t:s0 tclass=process<br>
> > > > type=SYSCALL msg=audit(1386840940.650:589): arch=c000003e syscall=61<br>
> > > > success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0<br>
> > ppid=3834<br>
> > > > pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0<br>
> > sgid=0<br>
> > > > fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"<br>
> > > > subj=system_u:system_r:initrc_t:s0 key=(null)<br>
> > > ><br>
> > > > ............................<br>
> > > > type=AVC msg=audit(1386840940.751:595): avc: denied { dyntransition }<br>
> > > > for pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0<br>
> > > > tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process<br>
> > > > ............<br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > ><br>
> > > > any ideea?<br>
> > ><br>
> > > Does manual ssh from Engine to the node work?<br>
> > > Could you sniff the traffic to see where it's being garbled?<br>
> > ><br>
> > ><br>
> > > _______________________________________________<br>
> > > Users mailing list<br>
> > > <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br>
> > > <a href="http://lists.ovirt.org/mailman/listinfo/users" target="_blank">http://lists.ovirt.org/mailman/listinfo/users</a><br>
> > ><br>
> ><br>
><br>
</blockquote></div>