11:44 a.m.
This is a multi-part message in MIME format.
--------------060009090805050706040306
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cristian,
This is the link for bug reports:
https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt
Regards,
Jorick
On 11/17/2012 06:16 PM, Cristian Falcas wrote:
Please let me know how to do this, or if it's enough the bellow
info.
In the logs I found this when trying to activate the storage:
Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200
29123 [13385]: open error -13 /rhev/data-center/mnt/_media_
ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids
Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200
29123 [13385]: s1956 open_disk
/rhev/data-center/mnt/_media_ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids
error -13
Nov 17 16:57:59 localhost setroubleshoot: SELinux is preventing
/usr/sbin/sanlock from search access on the directory Storage. For
complete SELinux messages. run sealert -l
026bd86b-153c-403a-ab2d-043e381be6cc
Nov 17 16:58:01 localhost vdsm TaskManager.Task ERROR
Task=`eb4b34ff-04a8-4d12-9338-ebce08f554ca`::Unexpected error
Running the sealert command :
root@localhost log]# sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc
SELinux is preventing /usr/sbin/sanlock from search access on the
directory Storage.
***** Plugin catchall (100. confidence) suggests
***************************
If you believe that sanlock should be allowed search access on the
Storage directory by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep sanlock /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Additional Information:
Source Context system_u:system_r:sanlock_t:s0-s0:c0.c1023
Target Context unconfined_u:object_r:public_content_rw_t:s0
Target Objects Storage [ dir ]
Source sanlock
Source Path /usr/sbin/sanlock
Port <Unknown>
Host localhost.localdomain
Source RPM Packages sanlock-2.4-2.fc17.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.10.0-159.fc17.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name localhost.localdomain
Platform Linux localhost.localdomain
3.6.6-1.fc17.x86_64 #1
SMP Mon Nov 5 21:59:35 UTC 2012 x86_64
x86_64
Alert Count 1980
First Seen 2012-11-16 11:03:19 EET
Last Seen 2012-11-17 16:58:18 EET
Local ID 026bd86b-153c-403a-ab2d-043e381be6cc
Raw Audit Messages
type=AVC msg=audit(1353164298.898:5507): avc: denied { search } for
pid=13449 comm="sanlock" name="Storage" dev="dm-12"
ino=4456450
scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1353164298.898:5507): arch=x86_64 syscall=open
success=no exit=EACCES a0=7f50b80009c8 a1=105002 a2=0 a3=0 items=0
ppid=1 pid=13449 auid=4294967295 uid=179 gid=179 euid=179 suid=179
fsuid=179 egid=179 sgid=179 fsgid=179 tty=(none) ses=4294967295
comm=sanlock exe=/usr/sbin/sanlock
subj=system_u:system_r:sanlock_t:s0-s0:c0.c1023 key=(null)
Hash: sanlock,sanlock_t,public_content_rw_t,dir,search
audit2allow
#============= sanlock_t ==============
allow sanlock_t public_content_rw_t:dir search;
audit2allow -R
#============= sanlock_t ==============
allow sanlock_t public_content_rw_t:dir search;
On Fri, Nov 16, 2012 at 7:51 PM, Federico Simoncelli
<fsimonce(a)redhat.com <mailto:fsimonce@redhat.com>> wrote:
----- Original Message -----
> From: "Cristian Falcas" <cristi.falcas(a)gmail.com
<mailto:cristi.falcas@gmail.com>>
> To: "Federico Simoncelli" <fsimonce(a)redhat.com
<mailto:fsimonce@redhat.com>>
> Cc: "Jorick Astrego" <jorick(a)netbulae.eu
<mailto:jorick@netbulae.eu>>, users(a)ovirt.org
<mailto:users@ovirt.org>
> Sent: Friday, November 16, 2012 6:47:50 PM
> Subject: Re: [Users] could not add local storage domain
>
> it's working for me with the latest files.
>
> Current issues:
> - You need to create the db user as superuser
> - disable selinux.
Can you grab the relevant AVC errors and report them in a bug?
Thanks,
--
Federico
--
Met vriendelijke groet,
Jorick Astrego
Netbulae B.V.
Staalsteden 4-13
7547 TA Enschede
Tel. +31 (0)53 - 20 30 270
Email: jorick(a)netbulae.eu
Site: http://www.netbulae.eu
--------------060009090805050706040306
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Cristian, <br>
<br>
This is the link for bug reports:<br>
<br>
<a class="moz-txt-link-freetext"
href="https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt"&...
<br>
Regards,<br>
<br>
Jorick<br>
<br>
On 11/17/2012 06:16 PM, Cristian Falcas wrote:<br>
</div>
<blockquote
cite="mid:CAMo7R_c5jxEorXhtrmvrsCBL9wiiyquyYL423f4rjTCfunSMGQ@mail.gmail.com"
type="cite">Please let me know how to do this, or if it's enough
the bellow info.<br>
<br>
In the logs I found this when trying to activate the storage:<br>
<br>
Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200
29123 [13385]: open error -13 /rhev/data-center/mnt/_media_
<div class="gmail_extra">
ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids<br>
Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17
16:57:58+0200 29123 [13385]: s1956 open_disk
/rhev/data-center/mnt/_media_ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids
error -13<br>
Nov 17 16:57:59 localhost setroubleshoot: SELinux is preventing
/usr/sbin/sanlock from search access on the directory Storage.
For complete SELinux messages. run sealert -l
026bd86b-153c-403a-ab2d-043e381be6cc<br>
Nov 17 16:58:01 localhost vdsm TaskManager.Task ERROR
Task=`eb4b34ff-04a8-4d12-9338-ebce08f554ca`::Unexpected error<br>
<br>
Running the sealert command :<br>
<br>
<br>
root@localhost log]# sealert -l
026bd86b-153c-403a-ab2d-043e381be6cc<br>
SELinux is preventing /usr/sbin/sanlock from search access on
the directory Storage.<br>
<br>
***** Plugin catchall (100. confidence) suggests
***************************<br>
<br>
If you believe that sanlock should be allowed search access on
the Storage directory by default.<br>
Then you should report this as a bug.<br>
You can generate a local policy module to allow this access.<br>
Do<br>
allow this access for now by executing:<br>
# grep sanlock /var/log/audit/audit.log | audit2allow -M mypol<br>
# semodule -i mypol.pp<br>
<br>
<br>
Additional Information:<br>
Source
Context
system_u:system_r:sanlock_t:s0-s0:c0.c1023<br>
Target
Context
unconfined_u:object_r:public_content_rw_t:s0<br>
Target
Objects
Storage [ dir ]<br>
Source
sanlock<br>
Source
Path
/usr/sbin/sanlock<br>
Port
<Unknown><br>
Host
localhost.localdomain<br>
Source RPM
Packages
sanlock-2.4-2.fc17.x86_64<br>
Target RPM
Packages
<br>
Policy
RPM
selinux-policy-3.10.0-159.fc17.noarch<br>
Selinux
Enabled
True<br>
Policy
Type
targeted<br>
Enforcing
Mode
Enforcing<br>
Host
Name
localhost.localdomain<br>
Platform
Linux localhost.localdomain
3.6.6-1.fc17.x86_64 #1<br>
SMP Mon Nov 5 21:59:35 UTC 2012
x86_64 x86_64<br>
Alert
Count
1980<br>
First
Seen
2012-11-16 11:03:19 EET<br>
Last
Seen
2012-11-17 16:58:18 EET<br>
Local
ID
026bd86b-153c-403a-ab2d-043e381be6cc<br>
<br>
Raw Audit Messages<br>
type=AVC msg=audit(1353164298.898:5507): avc: denied { search
} for pid=13449 comm="sanlock" name="Storage"
dev="dm-12"
ino=4456450 scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023
tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir<br>
<br>
<br>
type=SYSCALL msg=audit(1353164298.898:5507): arch=x86_64
syscall=open success=no exit=EACCES a0=7f50b80009c8 a1=105002
a2=0 a3=0 items=0 ppid=1 pid=13449 auid=4294967295 uid=179
gid=179 euid=179 suid=179 fsuid=179 egid=179 sgid=179 fsgid=179
tty=(none) ses=4294967295 comm=sanlock exe=/usr/sbin/sanlock
subj=system_u:system_r:sanlock_t:s0-s0:c0.c1023 key=(null)<br>
<br>
Hash: sanlock,sanlock_t,public_content_rw_t,dir,search<br>
<br>
audit2allow<br>
<br>
#============= sanlock_t ==============<br>
allow sanlock_t public_content_rw_t:dir search;<br>
<br>
audit2allow -R<br>
<br>
#============= sanlock_t ==============<br>
allow sanlock_t public_content_rw_t:dir search;</div>
<div class="gmail_extra"><br>
<br>
<div class="gmail_quote">On Fri, Nov 16, 2012 at 7:51 PM,
Federico Simoncelli <span dir="ltr"><<a
moz-do-not-send="true"
href="mailto:fsimonce@redhat.com"
target="_blank">fsimonce(a)redhat.com</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0
.8ex;border-left:1px #ccc solid;padding-left:1ex">
<div class="im">----- Original Message -----<br>
> From: "Cristian Falcas" <<a
moz-do-not-send="true"
href="mailto:cristi.falcas@gmail.com">cristi.falcas@gmail.com</a>><br>
> To: "Federico Simoncelli" <<a
moz-do-not-send="true"
href="mailto:fsimonce@redhat.com">fsimonce@redhat.com</a>><br>
> Cc: "Jorick Astrego" <<a
moz-do-not-send="true"
href="mailto:jorick@netbulae.eu">jorick@netbulae.eu</a>>,
<a moz-do-not-send="true"
href="mailto:users@ovirt.org">users@ovirt.org</a><br>
> Sent: Friday, November 16, 2012 6:47:50 PM<br>
> Subject: Re: [Users] could not add local storage
domain<br>
><br>
</div>
<div class="im">> it's working for me with the
latest
files.<br>
><br>
> Current issues:<br>
> - You need to create the db user as superuser<br>
> - disable selinux.<br>
<br>
</div>
Can you grab the relevant AVC errors and report them in a
bug?<br>
<br>
Thanks,<br>
<span class="HOEnZb"><font
color="#888888">--<br>
Federico<br>
</font></span></blockquote>
</div>
<br>
</div>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Met vriendelijke groet,
Jorick Astrego
Netbulae B.V.
Staalsteden 4-13
7547 TA Enschede
Tel. +31 (0)53 - 20 30 270
Email: <a class="moz-txt-link-abbreviated"
href="mailto:jorick@netbulae.eu">jorick@netbulae.eu</a>
Site: <a class="moz-txt-link-freetext"
href="http://www.netbulae.eu">http://www.netbulae.eu</a></pre>
</body>
</html>
--------------060009090805050706040306--