Re: [Users] SELinux policy issue with oVirt/sanlock
----- Original Message -----
From: "Haim Ateya" <hateya(a)redhat.com>
To: "Brian Vetter" <bjvetter(a)gmail.com>
Cc: users(a)ovirt.org, selinux(a)lists.fedoraproject.org
Sent: Wednesday, October 24, 2012 7:03:39 PM
Subject: Re: [Users] SELinux policy issue with oVirt/sanlock
----- Original Message -----
> From: "Brian Vetter" <bjvetter(a)gmail.com>
> To: "Haim Ateya" <hateya(a)redhat.com>
> Cc: users(a)ovirt.org, selinux(a)lists.fedoraproject.org
> Sent: Wednesday, October 24, 2012 6:24:31 PM
> Subject: Re: [Users] SELinux policy issue with oVirt/sanlock
>
> I removed lock_manager=sanlock from the settings file, restarted
> the
> daemons, and all works fine right now. I'm guessing that means
> there
> is no locking of the VMs (the default?).
that's right, i'm glad it works for you, but it just a workaround
since we expect this configuration to work, it would be much
appreciated if you
could open a bug on that issue so we can track and resolve when
possible.
please attach all required logs such as: vdsm.log, libvirtd.log,
qemu.log (under /var/log/libvirt/qemu/), audit.log, sanlock.log and
/var/log/messages.
What's the bug number? To clarify/recap:
- the lock_manager=sanlock configuration is correct (and it shouldn't
be removed)
- you should set setenforce 0 (with lock_manager=sanlock) and try to
start a VM; all the avc errors that you find in /var/log/messages
and in /var/log/audit/audit.log should be used to open a selinux
policy bug
--
Federico