Re: [Users] Can't start a VM - sanlock permission denied
----- Original Message -----
From: "Alexandre Santos" <santosam72(a)gmail.com>
To: "Dan Kenigsberg" <danken(a)redhat.com>
Cc: "Haim Ateya" <hateya(a)redhat.com>, users(a)ovirt.org, "Federico
Simoncelli" <fsimonce(a)redhat.com>
Sent: Sunday, October 14, 2012 7:23:36 PM
Subject: Re: [Users] Can't start a VM - sanlock permission denied
2012/10/13 Dan Kenigsberg < danken(a)redhat.com >
On Sat, Oct 13, 2012 at 11:25:37AM +0100, Alexandre Santos wrote:
> Hi,
> after getting to the oVirt Node console (F2) I figured out that
> selinux
> wasn't allowing the sanlock, so I entered the setsebool
> virt_use_sanlock 1
> and the problem is fixed.
Which version of vdsm is istalled on your node? and which
selinux-policy? sanlock should work out-of-the-box.
vdsm-4.10.0-10.fc17
on /etc/sysconfig/selinux
SELINUX=enforcing
SELINUXTYPE=targeted
As far as I understand the selinux policies for the ovirt-node are set
by recipe/common-post.ks (in the ovirt-node repo):
semanage boolean -m -S targeted -F /dev/stdin << \EOF_semanage
allow_execstack=0
virt_use_nfs=1
EOF_semanage
We should update it with what vdsm is currently setting:
virt_use_sanlock=1
sanlock_use_nfs=1
--
Federico