On 30 May 2016, at 15:35, Pavel Gashev <Pax@acronis.com> wrote:
In my case oVirt is running in an OpenVZ container. Since selinux doesn't support namespaces, it's disabled.
I don't want to fuel the holy war stopdisablingselinux.com vs selinuxsucks.com. Just please allow us to choose. Thanks.
yep, I guess it’s fair in experimental cases like yours. And you can skip over the ovirt-vmconsole deployment in engine-setup completely, so even when the bug is still here it shouldn’t affect you at all. It’s not about a choice, it’s about supportability and reasonable verification. Thanks, michal
On 30/05/16 16:01, "users-bounces@ovirt.org on behalf of Michal Skrivanek" <users-bounces@ovirt.org on behalf of michal.skrivanek@redhat.com> wrote:
On 30 May 2016, at 14:57, Fabrice Bacchella <fabrice.bacchella@orange.fr> wrote:
Running with selinux disabled is not recommended nor supported. It should be easy to skip over that problem, but in general this is not something you should hit in normal environment
That's very theorical recommandation. selinux is very very often disabled, because nobody really understand it.
It is not theoretical, it’s mandatory. there is an assumption it is enabled, after bare OS installation it is enabled, so when you disable it it is an explicit decision done by the admin for some reason. What did you find not working? Did you really encounter anything not being solved by setting Permissive mode instead disabling completely?
Thanks, michal
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users