on vdsm
On Sun, Nov 18, 2012 at 11:44 AM, Jorick Astrego <jorick(a)netbulae.eu> wrote:
Cristian,
This is the link for bug reports:
https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt
Regards,
Jorick
On 11/17/2012 06:16 PM, Cristian Falcas wrote:
Please let me know how to do this, or if it's enough the bellow info.
In the logs I found this when trying to activate the storage:
Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123
[13385]: open error -13 /rhev/data-center/mnt/_media_
ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids
Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123
[13385]: s1956 open_disk
/rhev/data-center/mnt/_media_ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids
error -13
Nov 17 16:57:59 localhost setroubleshoot: SELinux is preventing
/usr/sbin/sanlock from search access on the directory Storage. For complete
SELinux messages. run sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc
Nov 17 16:58:01 localhost vdsm TaskManager.Task ERROR
Task=`eb4b34ff-04a8-4d12-9338-ebce08f554ca`::Unexpected error
Running the sealert command :
root@localhost log]# sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc
SELinux is preventing /usr/sbin/sanlock from search access on the
directory Storage.
***** Plugin catchall (100. confidence) suggests
***************************
If you believe that sanlock should be allowed search access on the Storage
directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep sanlock /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:sanlock_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:public_content_rw_t:s0
Target Objects Storage [ dir ]
Source sanlock
Source Path /usr/sbin/sanlock
Port <Unknown>
Host localhost.localdomain
Source RPM Packages sanlock-2.4-2.fc17.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.10.0-159.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain
3.6.6-1.fc17.x86_64 #1
SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 x86_64
Alert Count 1980
First Seen 2012-11-16 11:03:19 EET
Last Seen 2012-11-17 16:58:18 EET
Local ID 026bd86b-153c-403a-ab2d-043e381be6cc
Raw Audit Messages
type=AVC msg=audit(1353164298.898:5507): avc: denied { search } for
pid=13449 comm="sanlock" name="Storage" dev="dm-12"
ino=4456450
scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1353164298.898:5507): arch=x86_64 syscall=open
success=no exit=EACCES a0=7f50b80009c8 a1=105002 a2=0 a3=0 items=0 ppid=1
pid=13449 auid=4294967295 uid=179 gid=179 euid=179 suid=179 fsuid=179
egid=179 sgid=179 fsgid=179 tty=(none) ses=4294967295 comm=sanlock
exe=/usr/sbin/sanlock subj=system_u:system_r:sanlock_t:s0-s0:c0.c1023
key=(null)
Hash: sanlock,sanlock_t,public_content_rw_t,dir,search
audit2allow
#============= sanlock_t ==============
allow sanlock_t public_content_rw_t:dir search;
audit2allow -R
#============= sanlock_t ==============
allow sanlock_t public_content_rw_t:dir search;
On Fri, Nov 16, 2012 at 7:51 PM, Federico Simoncelli <fsimonce(a)redhat.com>wrote:
> ----- Original Message -----
> > From: "Cristian Falcas" <cristi.falcas(a)gmail.com>
> > To: "Federico Simoncelli" <fsimonce(a)redhat.com>
> > Cc: "Jorick Astrego" <jorick(a)netbulae.eu>, users(a)ovirt.org
> > Sent: Friday, November 16, 2012 6:47:50 PM
> > Subject: Re: [Users] could not add local storage domain
> >
> > it's working for me with the latest files.
> >
> > Current issues:
> > - You need to create the db user as superuser
> > - disable selinux.
>
> Can you grab the relevant AVC errors and report them in a bug?
>
> Thanks,
> --
> Federico
>
--
Met vriendelijke groet,
Jorick Astrego
Netbulae B.V.
Staalsteden 4-13
7547 TA Enschede
Tel. +31 (0)53 - 20 30 270
Email: jorick(a)netbulae.eu
Site:
http://www.netbulae.eu