This is a multi-part message in MIME format. --------------060804090704070102090007 Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit On 04/08/2015 04:34 PM, Jorick Astrego wrote:
Hi, Hi,
Testing 3.5.2rc3, I see AVC denied messages for the ovrit-guest agent (installed through cloud-init).
type=AVC msg=audit(1428510418.333:142): avc: denied { read } for pid=1113 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=AVC msg=audit(1428510418.333:142): avc: denied { open } for pid=1113 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file type=SYSCALL msg=audit(1428510418.333:142): arch=c000003e syscall=2 success=yes exit=6 a0=7f8a655612b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1113 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null)
And when I check the rpm I see:
rpm -qa|grep ovirt ovirt-release-el6-10.0.1-3.noarch ovirt-guest-agent-1.0.8-1.el6.noarch
Well the latest guest agent is always available on epel for el5/6/7 and for fedora in the fedora repos I am not sure why it's not available in the public ovirt repositories, however that was somehow always a problem with ovirt releases, but I recommend anyway to use epel for the ovirt guest agent due to the fact that I am releasing the guest agent always to epel and it will get updated from there. Please also note that the repo location has changed. ovirt-3.5 for el6 is now here: http://resources.ovirt.org/pub/ovirt-3.5/rpm/el6/ However what I don't know, is how the 3.3.3 repository got installed for you, I am not sure that this was done by the bare 'cloud-init', that might be specific to your cloud init configuration.
Then I checked the cloud-init installed /etc/yum.repos.d/el6-ovirt.repo and see version 3.3.3 is active. Shouldn't this be updated to 3.5.* ????
[ovirt-stable] name=Older Stable builds of the oVirt project baseurl=http://ovirt.org/releases/stable/rpm/EL/$releasever/ enabled=1 skip_if_unavailable=1 gpgcheck=0
[ovirt-3.3.3] name=oVirt 3.3.3 release baseurl=http://resources.ovirt.org/releases/3.3.3/rpm/EL/$releasever/ enabled=1 skip_if_unavailable=1 gpgcheck=0
[ovirt-updates-testing] name=Test Updates builds of the oVirt project baseurl=http://ovirt.org/releases/updates-testing/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0
[ovirt-beta] name=Beta builds of the oVirt project baseurl=http://ovirt.org/releases/beta/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0
[ovirt-nightly] name=Nightly builds of the oVirt project baseurl=http://ovirt.org/releases/nightly/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0
[ovirt-3.4.0-alpha] name=3.4.0 alpha testing repo for the oVirt project baseurl=http://ovirt.org/releases/3.4.0-alpha/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0
[ovirt-3.4.0-prerelease] name=Pre release builds of the oVirt 3.4 project baseurl=http://resources.ovirt.org/releases/3.4.0_pre/rpm/EL/$releasever/ enabled=0 skip_if_unavailable=1 gpgcheck=0
Met vriendelijke groet, With kind regards,
Jorick Astrego*
Netbulae Virtualization Experts * ------------------------------------------------------------------------ Tel: 053 20 30 270 info@netbulae.eu Staalsteden 4-3A KvK 08198180 Fax: 053 20 30 271 www.netbulae.eu 7547 TA Enschede BTW NL821234584B01
------------------------------------------------------------------------
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
-- Regards, Vinzenz Feenstra | Senior Software Engineer RedHat Engineering Virtualization R & D Phone: +420 532 294 625 IRC: vfeenstr or evilissimo Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com --------------060804090704070102090007 Content-Type: text/html; charset=windows-1252 Content-Transfer-Encoding: 8bit <html> <head> <meta content="text/html; charset=windows-1252" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">On 04/08/2015 04:34 PM, Jorick Astrego wrote:<br> </div> <blockquote cite="mid:55253C8C.7080300@netbulae.eu" type="cite"> <meta http-equiv="content-type" content="text/html; charset=windows-1252"> Hi,<br> </blockquote> Hi,<br> <blockquote cite="mid:55253C8C.7080300@netbulae.eu" type="cite"> <br> Testing 3.5.2rc3, I see AVC denied messages for the ovrit-guest agent (installed through cloud-init).<br> <br> <blockquote>type=AVC msg=audit(1428510418.333:142): avc: denied { read } for pid=1113 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file<br> type=AVC msg=audit(1428510418.333:142): avc: denied { open } for pid=1113 comm="ovirt-guest-age" name="online" dev=sysfs ino=23 scontext=system_u:system_r:rhev_agentd_t:s0 tcontext=system_u:object_r:sysfs_t:s0 tclass=file<br> type=SYSCALL msg=audit(1428510418.333:142): arch=c000003e syscall=2 success=yes exit=6 a0=7f8a655612b8 a1=80000 a2=2803ff a3=0 items=0 ppid=1 pid=1113 auid=4294967295 uid=175 gid=175 euid=175 suid=175 fsuid=175 egid=175 sgid=175 fsgid=175 tty=(none) ses=4294967295 comm="ovirt-guest-age" exe="/usr/bin/python" subj=system_u:system_r:rhev_agentd_t:s0 key=(null)<br> </blockquote> And when I check the rpm I see:<br> <br> <blockquote>rpm -qa|grep ovirt<br> ovirt-release-el6-10.0.1-3.noarch<br> ovirt-guest-agent-1.0.8-1.el6.noarch<br> </blockquote> </blockquote> Well the latest guest agent is always available on epel for el5/6/7 and for fedora in the fedora repos I am not sure why it's not available in the public ovirt repositories, however that was somehow always a problem with ovirt releases, but I recommend anyway to use epel for the ovirt guest agent due to the fact that I am releasing the guest agent always to epel and it will get updated from there.<br> <br> Please also note that the repo location has changed. ovirt-3.5 for el6 is now here: <a class="moz-txt-link-freetext" href="http://resources.ovirt.org/pub/ovirt-3.5/rpm/el6/">http://resources.ovirt.org/pub/ovirt-3.5/rpm/el6/</a><br> <br> However what I don't know, is how the 3.3.3 repository got installed for you, I am not sure that this was done by the bare 'cloud-init', that might be specific to your cloud init configuration.<br> <br> <blockquote cite="mid:55253C8C.7080300@netbulae.eu" type="cite">Then I checked the cloud-init installed /etc/yum.repos.d/el6-ovirt.repo and see version 3.3.3 is active. Shouldn't this be updated to 3.5.* ????<br> <br> <blockquote>[ovirt-stable]<br> name=Older Stable builds of the oVirt project<br> baseurl=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://ovirt.org/releases/stable/rpm/EL/$releasever/">http://ovirt.org/releases/stable/rpm/EL/$releasever/</a><br> enabled=1<br> skip_if_unavailable=1<br> gpgcheck=0<br> <br> [ovirt-3.3.3]<br> name=oVirt 3.3.3 release<br> baseurl=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://resources.ovirt.org/releases/3.3.3/rpm/EL/$releasever/">http://resources.ovirt.org/releases/3.3.3/rpm/EL/$releasever/</a><br> enabled=1<br> skip_if_unavailable=1<br> gpgcheck=0<br> <br> [ovirt-updates-testing]<br> name=Test Updates builds of the oVirt project<br> baseurl=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://ovirt.org/releases/updates-testing/rpm/EL/$releasever/">http://ovirt.org/releases/updates-testing/rpm/EL/$releasever/</a><br> enabled=0<br> skip_if_unavailable=1<br> gpgcheck=0<br> <br> [ovirt-beta]<br> name=Beta builds of the oVirt project<br> baseurl=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://ovirt.org/releases/beta/rpm/EL/$releasever/">http://ovirt.org/releases/beta/rpm/EL/$releasever/</a><br> enabled=0<br> skip_if_unavailable=1<br> gpgcheck=0<br> <br> [ovirt-nightly]<br> name=Nightly builds of the oVirt project<br> baseurl=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://ovirt.org/releases/nightly/rpm/EL/$releasever/">http://ovirt.org/releases/nightly/rpm/EL/$releasever/</a><br> enabled=0<br> skip_if_unavailable=1<br> gpgcheck=0<br> <br> [ovirt-3.4.0-alpha]<br> name=3.4.0 alpha testing repo for the oVirt project<br> baseurl=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://ovirt.org/releases/3.4.0-alpha/rpm/EL/$releasever/">http://ovirt.org/releases/3.4.0-alpha/rpm/EL/$releasever/</a><br> enabled=0<br> skip_if_unavailable=1<br> gpgcheck=0<br> <br> [ovirt-3.4.0-prerelease]<br> name=Pre release builds of the oVirt 3.4 project<br> baseurl=<a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://resources.ovirt.org/releases/3.4.0_pre/rpm/EL/$releasever/">http://resources.ovirt.org/releases/3.4.0_pre/rpm/EL/$releasever/</a><br> enabled=0<br> skip_if_unavailable=1<br> gpgcheck=0<br> </blockquote> <br> <br> <br> <br> <br> <br> <span style="color:#604c78;"><font color="000000"><span style="mso-fareast-language:en-gb;" lang="NL">Met vriendelijke groet, With kind regards,<br> <br> </span>Jorick Astrego</font></span><b style="color:#604c78"><br> <br> Netbulae Virtualization Experts </b><br> <hr style="border:none;border-top:1px solid #ccc;"> <table style="width: 522px"> <tbody> <tr> <td style="width: 130px;font-size: 10px">Tel: 053 20 30 270</td> <td style="width: 130px;font-size: 10px"><a class="moz-txt-link-abbreviated" href="mailto:info@netbulae.eu">info@netbulae.eu</a></td> <td style="width: 130px;font-size: 10px">Staalsteden 4-3A</td> <td style="width: 130px;font-size: 10px">KvK 08198180</td> </tr> <tr> <td style="width: 130px;font-size: 10px">Fax: 053 20 30 271</td> <td style="width: 130px;font-size: 10px"><a class="moz-txt-link-abbreviated" href="http://www.netbulae.eu">www.netbulae.eu</a></td> <td style="width: 130px;font-size: 10px">7547 TA Enschede</td> <td style="width: 130px;font-size: 10px">BTW NL821234584B01</td> </tr> </tbody> </table> <br> <hr style="border:none;border-top:1px solid #ccc;"><br> <br> <fieldset class="mimeAttachmentHeader"></fieldset> <br> <pre wrap="">_______________________________________________ Users mailing list <a class="moz-txt-link-abbreviated" href="mailto:Users@ovirt.org">Users@ovirt.org</a> <a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a> </pre> </blockquote> <br> <br> <pre class="moz-signature" cols="72">-- Regards, Vinzenz Feenstra | Senior Software Engineer RedHat Engineering Virtualization R & D Phone: +420 532 294 625 IRC: vfeenstr or evilissimo Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com</pre> </body> </html> --------------060804090704070102090007--