Re: [ovirt-users] SELinux and oVirt
Ah, ok that makes sense. For the node, is it enough to use the 'reinstall
node' option from the GUI, or is it better to reinstall the OS and then
deploy it again?
Thanks,
Cam
On Wed, May 11, 2016 at 2:40 PM, Michal Skrivanek <
michal.skrivanek(a)redhat.com> wrote:
On 11 May 2016, at 15:24, Cam Mac <iucounu(a)gmail.com> wrote:
Thanks Michal, if reinstalling the engine, (which also had SELinux
disabled at install), would the best way be to backup the engine and then
restore just the ovirt config?
for engine..well, VM security is not related to that, those are running on
hypervisors, not the engine. So for any functionality/security it’s
irrelevant what SELinux state it’s in
I’m not sure if relabeling with restorecon is not enough (it sould work
also on nodes, but as I said, it’s likely more safe to reinstall just to be
really really sure:)
Simone, am I right about the restorecon for engine?
Cheers,
Cam
On Wed, May 11, 2016 at 2:14 PM, Michal Skrivanek <
michal.skrivanek(a)redhat.com> wrote:
>
> > On 11 May 2016, at 15:02, Cam Mac <iucounu(a)gmail.com> wrote:
> >
> > Hi,
> >
> > In the oVirt guide, it says that "SELinux is being used by default on
> oVirt Node", but then goes on to say that if you have problems you should
> set it to permissive mode. I have had a few things fail due to being
> blocked by SELinux on a node I later enabled SELinux on, as it was off at
> install time. The other node which has had SELinux on from the start and so
> far has not had any oVirt operations blocked. I am guessing that the oVirt
> install process creates the necessary rules to allow vdsm to run under
> SELinux. So if you want to set SELinux to enforcing after installation, is
> there a script to do this, or is it better to just reinstall the node or
> engine, rather than trying to work out the individual exceptions?
>
> For oVirt node it’s easier to reinstall it, it doesn’t persist much and
> it’s the easies way how to get the labelling right
>
> Thanks,
> michal
>
> >
> > Thanks,
> >
> > Cam
> > _______________________________________________
> > Users mailing list
> > Users(a)ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users
>
>
_______________________________________________
Users mailing list
Users(a)ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
Attachments:
- attachment.html (text/html — 3.7 KB)