[Users] persisting selinux nightmare
I'm using the ovirt iso image and can't seem to get selinux to persist off no matter what i do. With selinux enforcing, SSHD isnt working, can't install or use the hosts. With it disabled, all seems to work, but after reboot, boom its enforcing again. I even edited /etc/selinux/config and changed it to permissive, then used "persist config" to persist the file. I reboot, I see the file is still changed, but selinux is back into enforcing mode (getenforce) what gives? I'm using this iso image, is this the latest one? It seems really hard to navigate the various old links in docs and such to find the most up to date isos. ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso
heh, all the directories here, alpha, beta, nightly, stable, all have the same image file versions? http://resources.ovirt.org/releases/node-base/ On Fri, Feb 14, 2014 at 12:19 PM, David Smith <dsmith@mypchelp.com> wrote:
I'm using the ovirt iso image and can't seem to get selinux to persist off no matter what i do.
With selinux enforcing, SSHD isnt working, can't install or use the hosts. With it disabled, all seems to work, but after reboot, boom its enforcing again.
I even edited /etc/selinux/config and changed it to permissive, then used "persist config" to persist the file. I reboot, I see the file is still changed, but selinux is back into enforcing mode (getenforce)
what gives?
I'm using this iso image, is this the latest one? It seems really hard to navigate the various old links in docs and such to find the most up to date isos. ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso
Hi David, Currently I'm testing with http://fedorapeople.org/~fabiand/node/3.0.4/ovirt-node-iso-3.0.4-1.0.2014012... from http://wiki.ovirt.org/OVirt_3.4_TestDay. I don't know why fabian has it on his own page. If you put enforcing=0 in the kernel options when installing it sets selinux to permissive... at least in my environment Kind regards, Jorick Astrego On Fri, 2014-02-14 at 12:22 -0800, David Smith wrote:
heh, all the directories here, alpha, beta, nightly, stable, all have the same image file versions? http://resources.ovirt.org/releases/node-base/
On Fri, Feb 14, 2014 at 12:19 PM, David Smith <dsmith@mypchelp.com> wrote:
I'm using the ovirt iso image and can't seem to get selinux to persist off no matter what i do.
With selinux enforcing, SSHD isnt working, can't install or use the hosts. With it disabled, all seems to work, but after reboot, boom its enforcing again.
I even edited /etc/selinux/config and changed it to permissive, then used "persist config" to persist the file. I reboot, I see the file is still changed, but selinux is back into enforcing mode (getenforce)
what gives?
I'm using this iso image, is this the latest one? It seems really hard to navigate the various old links in docs and such to find the most up to date isos. ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Sorry replied to old post, my mailclient wasn't synced properly :-(g On Fri, 2014-02-21 at 10:13 +0100, Jorick Astrego wrote:
Hi David,
Currently I'm testing with http://fedorapeople.org/~fabiand/node/3.0.4/ovirt-node-iso-3.0.4-1.0.2014012... from http://wiki.ovirt.org/OVirt_3.4_TestDay.
I don't know why fabian has it on his own page.
If you put enforcing=0 in the kernel options when installing it sets selinux to permissive... at least in my environment
Kind regards,
Jorick Astrego
On Fri, 2014-02-14 at 12:22 -0800, David Smith wrote:
heh, all the directories here, alpha, beta, nightly, stable, all have the same image file versions? http://resources.ovirt.org/releases/node-base/
On Fri, Feb 14, 2014 at 12:19 PM, David Smith <dsmith@mypchelp.com> wrote:
I'm using the ovirt iso image and can't seem to get selinux to persist off no matter what i do.
With selinux enforcing, SSHD isnt working, can't install or use the hosts. With it disabled, all seems to work, but after reboot, boom its enforcing again.
I even edited /etc/selinux/config and changed it to permissive, then used "persist config" to persist the file. I reboot, I see the file is still changed, but selinux is back into enforcing mode (getenforce)
what gives?
I'm using this iso image, is this the latest one? It seems really hard to navigate the various old links in docs and such to find the most up to date isos. ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
--=-93zUpg8Nw+hApqJ3QWW+ Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Hey David, Am Freitag, den 14.02.2014, 12:19 -0800 schrieb David Smith:
I'm using the ovirt iso image and can't seem to get selinux to persist off no matter what i do.
With selinux enforcing, SSHD isnt working, can't install or use the hosts. With it disabled, all seems to work, but after reboot, boom its enforcing again. =20 I even edited /etc/selinux/config and changed it to permissive, then used "persist config" to persist the file. I reboot, I see the file is still changed, but selinux is back into enforcing mode (getenforce)
(There is a new ISO to try - see below) Yes - that file is one of the files which "don't work as expected" when you persist them. This is because that file would be needed very early in the boot process, but isn't available by then. You can set SELinux into permissive mode by appending enforcing=3D0 to the kernel cmdline when you boot the host. And you can totally disable it using selinux=3D0 See also: http://www.ovirt.org/Node_Troubleshooting#SELinux
what gives? =20 I'm using this iso image, is this the latest one? It seems really hard to navigate the various old links in docs and such to find the most up to date isos. ovirt-node-iso-3.0.3-1.1.vdsm.fc19.iso
That image is quite old, but we are in progress of finally publishing a new ISOs on ressources.ovirt.org. Candidates which you can also try - and are much more up to date, and also include SELinux fixes - can be found here: http://fedorapeople.org/~fabiand/node/3.0.4/ - fabian --=-93zUpg8Nw+hApqJ3QWW+ Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQIcBAABAgAGBQJTAbWSAAoJEC9+uOgSHVGUwt4P/2VI5kUNmB3Ku5NJcjuF+4gg 03FZR7Amzdx2gp8Pl1N1fsW6kg+odJenRM7fqXE8Ht8IcxuYKteq85FoTfGahn3t EA7c7AOiwfqeblP7kR3X6h3H4Bod5gv886ksZbl9UExiHm8aTi19yq10EGZo3I21 rByz9FKUJsoSILrTA4btB6UiCPt8WPummYY1/HZOKtGFBz7rTM9qeH0wjUwDgJ7U L+2QyBu+10skb/9wHO8bPxfcItLGNgniz3PJiVYCcBRDxnmMqMLztMCC28AvNeLM bIeNk9QxCS94CuQnvdvCAbj4ToFzZz/QQBGwfvU9Hy2zXj20VaxIxsahH1JGQ4qR zXohuGGylWkJQU4N5Y7KhQOnj7m2soYBZBi/HhG5jcJdjPnVDIrEVb45Ocx0vvbh lyELAEkBagU+N0VbX9ZNJILV23PseNdMpszytQwpYd8ZqddCtDzfAXBYMq4lBTQj 8Ejl38VRxeBI3QawbpNTiGfT2oU6tMfXsh9pyvkiybYtA7F22DN4pHGaWp+8oMDl XlTlSk2bPE1aVuBwsIIy/xElD24WKx4KI6pKcUe1HNMNhZ/kR9lQmZ0z2IaWzFBl EREOGdCAwe7vdS/0/JWVhGwGel74axN/+nAGrQRmT2LCxux7ZiZXtTbwJs/jUlXi XdJA0I9wIr6yABUEfhoV =A2GT -----END PGP SIGNATURE----- --=-93zUpg8Nw+hApqJ3QWW+--
participants (3)
-
David Smith -
Fabian Deutsch -
Jorick Astrego