This is a multi-part message in MIME format. --------------060009090805050706040306 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cristian, This is the link for bug reports: https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt Regards, Jorick On 11/17/2012 06:16 PM, Cristian Falcas wrote:
Please let me know how to do this, or if it's enough the bellow info.
In the logs I found this when trying to activate the storage:
Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123 [13385]: open error -13 /rhev/data-center/mnt/_media_ ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123 [13385]: s1956 open_disk /rhev/data-center/mnt/_media_ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids error -13 Nov 17 16:57:59 localhost setroubleshoot: SELinux is preventing /usr/sbin/sanlock from search access on the directory Storage. For complete SELinux messages. run sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc Nov 17 16:58:01 localhost vdsm TaskManager.Task ERROR Task=`eb4b34ff-04a8-4d12-9338-ebce08f554ca`::Unexpected error
Running the sealert command :
root@localhost log]# sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc SELinux is preventing /usr/sbin/sanlock from search access on the directory Storage.
***** Plugin catchall (100. confidence) suggests ***************************
If you believe that sanlock should be allowed search access on the Storage directory by default. Then you should report this as a bug. You can generate a local policy module to allow this access. Do allow this access for now by executing: # grep sanlock /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp
Additional Information: Source Context system_u:system_r:sanlock_t:s0-s0:c0.c1023 Target Context unconfined_u:object_r:public_content_rw_t:s0 Target Objects Storage [ dir ] Source sanlock Source Path /usr/sbin/sanlock Port <Unknown> Host localhost.localdomain Source RPM Packages sanlock-2.4-2.fc17.x86_64 Target RPM Packages Policy RPM selinux-policy-3.10.0-159.fc17.noarch Selinux Enabled True Policy Type targeted Enforcing Mode Enforcing Host Name localhost.localdomain Platform Linux localhost.localdomain 3.6.6-1.fc17.x86_64 #1 SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 x86_64 Alert Count 1980 First Seen 2012-11-16 11:03:19 EET Last Seen 2012-11-17 16:58:18 EET Local ID 026bd86b-153c-403a-ab2d-043e381be6cc
Raw Audit Messages type=AVC msg=audit(1353164298.898:5507): avc: denied { search } for pid=13449 comm="sanlock" name="Storage" dev="dm-12" ino=4456450 scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir
type=SYSCALL msg=audit(1353164298.898:5507): arch=x86_64 syscall=open success=no exit=EACCES a0=7f50b80009c8 a1=105002 a2=0 a3=0 items=0 ppid=1 pid=13449 auid=4294967295 uid=179 gid=179 euid=179 suid=179 fsuid=179 egid=179 sgid=179 fsgid=179 tty=(none) ses=4294967295 comm=sanlock exe=/usr/sbin/sanlock subj=system_u:system_r:sanlock_t:s0-s0:c0.c1023 key=(null)
Hash: sanlock,sanlock_t,public_content_rw_t,dir,search
audit2allow
#============= sanlock_t ============== allow sanlock_t public_content_rw_t:dir search;
audit2allow -R
#============= sanlock_t ============== allow sanlock_t public_content_rw_t:dir search;
On Fri, Nov 16, 2012 at 7:51 PM, Federico Simoncelli <fsimonce@redhat.com <mailto:fsimonce@redhat.com>> wrote:
----- Original Message ----- > From: "Cristian Falcas" <cristi.falcas@gmail.com <mailto:cristi.falcas@gmail.com>> > To: "Federico Simoncelli" <fsimonce@redhat.com <mailto:fsimonce@redhat.com>> > Cc: "Jorick Astrego" <jorick@netbulae.eu <mailto:jorick@netbulae.eu>>, users@ovirt.org <mailto:users@ovirt.org> > Sent: Friday, November 16, 2012 6:47:50 PM > Subject: Re: [Users] could not add local storage domain > > it's working for me with the latest files. > > Current issues: > - You need to create the db user as superuser > - disable selinux.
Can you grab the relevant AVC errors and report them in a bug?
Thanks, -- Federico
-- Met vriendelijke groet, Jorick Astrego Netbulae B.V. Staalsteden 4-13 7547 TA Enschede Tel. +31 (0)53 - 20 30 270 Email: jorick@netbulae.eu Site: http://www.netbulae.eu --------------060009090805050706040306 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit <html> <head> <meta content="text/html; charset=ISO-8859-1" http-equiv="Content-Type"> </head> <body bgcolor="#FFFFFF" text="#000000"> <div class="moz-cite-prefix">Cristian, <br> <br> This is the link for bug reports:<br> <br> <a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt">https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt</a><br> <br> Regards,<br> <br> Jorick<br> <br> On 11/17/2012 06:16 PM, Cristian Falcas wrote:<br> </div> <blockquote cite="mid:CAMo7R_c5jxEorXhtrmvrsCBL9wiiyquyYL423f4rjTCfunSMGQ@mail.gmail.com" type="cite">Please let me know how to do this, or if it's enough the bellow info.<br> <br> In the logs I found this when trying to activate the storage:<br> <br> Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123 [13385]: open error -13 /rhev/data-center/mnt/_media_ <div class="gmail_extra"> ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids<br> Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123 [13385]: s1956 open_disk /rhev/data-center/mnt/_media_ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids error -13<br> Nov 17 16:57:59 localhost setroubleshoot: SELinux is preventing /usr/sbin/sanlock from search access on the directory Storage. For complete SELinux messages. run sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc<br> Nov 17 16:58:01 localhost vdsm TaskManager.Task ERROR Task=`eb4b34ff-04a8-4d12-9338-ebce08f554ca`::Unexpected error<br> <br> Running the sealert command :<br> <br> <br> root@localhost log]# sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc<br> SELinux is preventing /usr/sbin/sanlock from search access on the directory Storage.<br> <br> ***** Plugin catchall (100. confidence) suggests ***************************<br> <br> If you believe that sanlock should be allowed search access on the Storage directory by default.<br> Then you should report this as a bug.<br> You can generate a local policy module to allow this access.<br> Do<br> allow this access for now by executing:<br> # grep sanlock /var/log/audit/audit.log | audit2allow -M mypol<br> # semodule -i mypol.pp<br> <br> <br> Additional Information:<br> Source Context system_u:system_r:sanlock_t:s0-s0:c0.c1023<br> Target Context unconfined_u:object_r:public_content_rw_t:s0<br> Target Objects Storage [ dir ]<br> Source sanlock<br> Source Path /usr/sbin/sanlock<br> Port <Unknown><br> Host localhost.localdomain<br> Source RPM Packages sanlock-2.4-2.fc17.x86_64<br> Target RPM Packages <br> Policy RPM selinux-policy-3.10.0-159.fc17.noarch<br> Selinux Enabled True<br> Policy Type targeted<br> Enforcing Mode Enforcing<br> Host Name localhost.localdomain<br> Platform Linux localhost.localdomain 3.6.6-1.fc17.x86_64 #1<br> SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 x86_64<br> Alert Count 1980<br> First Seen 2012-11-16 11:03:19 EET<br> Last Seen 2012-11-17 16:58:18 EET<br> Local ID 026bd86b-153c-403a-ab2d-043e381be6cc<br> <br> Raw Audit Messages<br> type=AVC msg=audit(1353164298.898:5507): avc: denied { search } for pid=13449 comm="sanlock" name="Storage" dev="dm-12" ino=4456450 scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir<br> <br> <br> type=SYSCALL msg=audit(1353164298.898:5507): arch=x86_64 syscall=open success=no exit=EACCES a0=7f50b80009c8 a1=105002 a2=0 a3=0 items=0 ppid=1 pid=13449 auid=4294967295 uid=179 gid=179 euid=179 suid=179 fsuid=179 egid=179 sgid=179 fsgid=179 tty=(none) ses=4294967295 comm=sanlock exe=/usr/sbin/sanlock subj=system_u:system_r:sanlock_t:s0-s0:c0.c1023 key=(null)<br> <br> Hash: sanlock,sanlock_t,public_content_rw_t,dir,search<br> <br> audit2allow<br> <br> #============= sanlock_t ==============<br> allow sanlock_t public_content_rw_t:dir search;<br> <br> audit2allow -R<br> <br> #============= sanlock_t ==============<br> allow sanlock_t public_content_rw_t:dir search;</div> <div class="gmail_extra"><br> <br> <div class="gmail_quote">On Fri, Nov 16, 2012 at 7:51 PM, Federico Simoncelli <span dir="ltr"><<a moz-do-not-send="true" href="mailto:fsimonce@redhat.com" target="_blank">fsimonce@redhat.com</a>></span> wrote:<br> <blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> <div class="im">----- Original Message -----<br> > From: "Cristian Falcas" <<a moz-do-not-send="true" href="mailto:cristi.falcas@gmail.com">cristi.falcas@gmail.com</a>><br> > To: "Federico Simoncelli" <<a moz-do-not-send="true" href="mailto:fsimonce@redhat.com">fsimonce@redhat.com</a>><br> > Cc: "Jorick Astrego" <<a moz-do-not-send="true" href="mailto:jorick@netbulae.eu">jorick@netbulae.eu</a>>, <a moz-do-not-send="true" href="mailto:users@ovirt.org">users@ovirt.org</a><br> > Sent: Friday, November 16, 2012 6:47:50 PM<br> > Subject: Re: [Users] could not add local storage domain<br> ><br> </div> <div class="im">> it's working for me with the latest files.<br> ><br> > Current issues:<br> > - You need to create the db user as superuser<br> > - disable selinux.<br> <br> </div> Can you grab the relevant AVC errors and report them in a bug?<br> <br> Thanks,<br> <span class="HOEnZb"><font color="#888888">--<br> Federico<br> </font></span></blockquote> </div> <br> </div> </blockquote> <br> <br> <pre class="moz-signature" cols="72">-- Met vriendelijke groet, Jorick Astrego Netbulae B.V. Staalsteden 4-13 7547 TA Enschede Tel. +31 (0)53 - 20 30 270 Email: <a class="moz-txt-link-abbreviated" href="mailto:jorick@netbulae.eu">jorick@netbulae.eu</a> Site: <a class="moz-txt-link-freetext" href="http://www.netbulae.eu">http://www.netbulae.eu</a></pre> </body> </html> --------------060009090805050706040306--