----- Original Message -----
From: "Haim Ateya" <hateya@redhat.com> To: "Brian Vetter" <bjvetter@gmail.com> Cc: users@ovirt.org, selinux@lists.fedoraproject.org Sent: Wednesday, October 24, 2012 7:03:39 PM Subject: Re: [Users] SELinux policy issue with oVirt/sanlock
----- Original Message -----
From: "Brian Vetter" <bjvetter@gmail.com> To: "Haim Ateya" <hateya@redhat.com> Cc: users@ovirt.org, selinux@lists.fedoraproject.org Sent: Wednesday, October 24, 2012 6:24:31 PM Subject: Re: [Users] SELinux policy issue with oVirt/sanlock
I removed lock_manager=sanlock from the settings file, restarted the daemons, and all works fine right now. I'm guessing that means there is no locking of the VMs (the default?).
that's right, i'm glad it works for you, but it just a workaround since we expect this configuration to work, it would be much appreciated if you could open a bug on that issue so we can track and resolve when possible. please attach all required logs such as: vdsm.log, libvirtd.log, qemu.log (under /var/log/libvirt/qemu/), audit.log, sanlock.log and /var/log/messages.
What's the bug number? To clarify/recap: - the lock_manager=sanlock configuration is correct (and it shouldn't be removed) - you should set setenforce 0 (with lock_manager=sanlock) and try to start a VM; all the avc errors that you find in /var/log/messages and in /var/log/audit/audit.log should be used to open a selinux policy bug -- Federico