I've tried and I'm logged in!!

sestatus
SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   permissive
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Still get those 'denied' in audit.log - node!

On Thu, Dec 12, 2013 at 2:35 PM, Alon Bar-Lev <alonbl@redhat.com> wrote:


----- Original Message -----
> From: "Gabi C" <gabicr@gmail.com>
> To: "Dan Kenigsberg" <danken@redhat.com>
> Cc: users@ovirt.org
> Sent: Thursday, December 12, 2013 2:32:48 PM
> Subject: Re: [Users] SSH MAC corrupt
>
> I confirm that manual ssh works both ways.
>
> I'll try to sniff.

Please try from engine:

ssh -i /etc/pki/ovirt-engine/keys/engine_id_rsa root@node

This is similar to what engine is trying to do.

But as far as I see, the problem is within the SELinux policy.

>
>
> On Thu, Dec 12, 2013 at 2:22 PM, Dan Kenigsberg < danken@redhat.com > wrote:
>
>
>
> On Thu, Dec 12, 2013 at 11:43:10AM +0200, Gabi C wrote:
> > Hello!
> >
> > 1 engine running ovirt-engine-3.3.1-2.fc19.noarch, in virtual machine - on
> > esxi 5.5 host - when I try to add ovirt node hypervisor
> > 3.0.3-1.1.fc19, after "setenforce 0" on node, of course, this fails with:
> >
> > /var/log/secure
> >
> >
> > Dec 12 09:35:40 virtual4 sshd[3898]: Corrupted MAC on input.
> > Dec 12 09:35:40 virtual4 sshd[3898]: Disconnecting: Packet corrupt
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: do_cleanup
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: cleanup
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: closing session
> > Dec 12 09:35:40 virtual4 sshd[3898]: pam_unix(sshd:session): session closed
> > for user root
> > Dec 12 09:35:40 virtual4 sshd[3898]: debug1: PAM: deleting credentials
> > Dec 12 09:35:40 virtual4 sshd[3898]: error: getsockname failed: Bad file
> > descriptor
> >
> >
> >
> >
> > and
> >
> > /var/log/audit/audit.log
> >
> > type=AVC msg=audit(1386840940.650:589): avc: denied { sigchld } for
> > pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0
> > tcontext=system_u:system_r:initrc_t:s0 tclass=process
> > type=SYSCALL msg=audit(1386840940.650:589): arch=c000003e syscall=61
> > success=yes exit=3899 a0=f3b a1=7fff76fe9ad0 a2=0 a3=0 items=0 ppid=3834
> > pid=3898 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
> > fsgid=0 ses=4294967295 tty=(none) comm="sshd" exe="/usr/sbin/sshd"
> > subj=system_u:system_r:initrc_t:s0 key=(null)
> >
> > ............................
> > type=AVC msg=audit(1386840940.751:595): avc: denied { dyntransition }
> > for pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0
> > tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
> > ............
> >
> >
> >
> >
> > Any idea?
>
> Does manual ssh from Engine to the node work?
> Could you sniff the traffic to see where it's being garbled?
>
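Added example (not part of the original thread or of oVirt): a small Python parser that pairs the AVC records quoted in the thread with their SYSCALL record by audit event serial and reports each denied permission with its source and target types. The sample records are the thread's own with mail line-wrapping undone and the SYSCALL record shortened; the function and field names are illustrative.

```python
import re
from collections import defaultdict

# Records from the thread's audit.log excerpt, unwrapped; the SYSCALL record
# is shortened to the fields used here.
SAMPLE = """\
type=AVC msg=audit(1386840940.650:589): avc: denied { sigchld } for pid=3898 comm="sshd" scontext=system_u:system_r:sshd_net_t:s0 tcontext=system_u:system_r:initrc_t:s0 tclass=process
type=SYSCALL msg=audit(1386840940.650:589): arch=c000003e syscall=61 success=yes exit=3899 ppid=3834 pid=3898 comm="sshd" exe="/usr/sbin/sshd" subj=system_u:system_r:initrc_t:s0 key=(null)
type=AVC msg=audit(1386840940.751:595): avc: denied { dyntransition } for pid=3898 comm="sshd" scontext=system_u:system_r:initrc_t:s0 tcontext=unconfined_u:unconfined_r:unconfined_t:s0 tclass=process
"""

HEADER = re.compile(r"^type=(\w+) msg=audit\((\d+\.\d+):(\d+)\): (.*)$")
PERMS = re.compile(r"avc:\s+denied\s+\{([^}]*)\}")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_audit(text):
    """Group records by audit event serial; return one dict per AVC denial."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip separators and anything that is not an audit record
        rtype, _ts, serial, body = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(body)}
        if rtype == "AVC":
            p = PERMS.search(body)
            fields["perms"] = p.group(1).split() if p else []
        events[serial][rtype] = fields  # keeps the last record of each type
    denials = []
    for serial, recs in events.items():
        if "AVC" not in recs:
            continue
        avc = recs["AVC"]
        denials.append({
            "serial": serial,
            "perms": avc["perms"],
            "source_type": avc["scontext"].split(":")[2],
            "target_type": avc["tcontext"].split(":")[2],
            "tclass": avc["tclass"],
            # success=yes means the syscall completed despite the logged denial
            "syscall_success": recs.get("SYSCALL", {}).get("success"),
        })
    return denials

if __name__ == "__main__":
    for d in parse_audit(SAMPLE):
        print(d)
```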