Hi, i have a problem with selinux enforced. When i tried to live remove a snapshot the operation failed . After some headache i found the problem source : selinux. When i "setenfore 0" the removal task work, when i "setenforce 1" removal task failed. log from audit.log: vc: denied {write} for pid = 28360 tmptext = system_u: object_r : fixed_disk_device_t: s0 tclass = blk_file I'm with RHEL 7.4 and ovirt 4.1, is it some specific configuration to do?. Thanks for help.
I reply myself if it can help somemone. I found a solution with audit2allow/audit2why creating a policy containing this : type systemd_machined_t; type svirt_t; type fixed_disk_device_t; class blk_file write; class dir search; } It seems to work, and i can keep my host in selinux enforced. ----- Mail original ----- De: "Lionel Caignec" <caignec@cines.fr> À: "users" <users@ovirt.org> Envoyé: Lundi 25 Septembre 2017 15:37:16 Objet: [ovirt-users] Snapshot removal vs selinux enforced Hi, i have a problem with selinux enforced. When i tried to live remove a snapshot the operation failed . After some headache i found the problem source : selinux. When i "setenfore 0" the removal task work, when i "setenforce 1" removal task failed. log from audit.log: vc: denied {write} for pid = 28360 tmptext = system_u: object_r : fixed_disk_device_t: s0 tclass = blk_file I'm with RHEL 7.4 and ovirt 4.1, is it some specific configuration to do?. Thanks for help. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (1)
-
Lionel Caignec