[Users] SELinux policy issue with oVirt/sanlock

[Federico Simoncelli]

----- Original Message -----
> From: "Haim Ateya" <hateya at redhat.com>
> To: "Brian Vetter" <bjvetter at gmail.com>
> Cc: users at ovirt.org, selinux at lists.fedoraproject.org
> Sent: Wednesday, October 24, 2012 7:03:39 PM
> Subject: Re: [Users] SELinux policy issue with oVirt/sanlock
> 
> ----- Original Message -----
> > From: "Brian Vetter" <bjvetter at gmail.com>
> > To: "Haim Ateya" <hateya at redhat.com>
> > Cc: users at ovirt.org, selinux at lists.fedoraproject.org
> > Sent: Wednesday, October 24, 2012 6:24:31 PM
> > Subject: Re: [Users] SELinux policy issue with oVirt/sanlock
> > 
> > I removed lock_manager=sanlock from the settings file, restarted
> > the
> > daemons, and all works fine right now. I'm guessing that means
> > there
> > is no locking of the VMs (the default?).
> 
> that's right, i'm glad it works for you, but it just a workaround
> since we expect this configuration to work, it would be much
> appreciated if you
> could open a bug on that issue so we can track and resolve when
> possible.
> please attach all required logs such as: vdsm.log, libvirtd.log,
> qemu.log (under /var/log/libvirt/qemu/), audit.log, sanlock.log and
> /var/log/messages.

What's the bug number? To clarify/recap:

- the lock_manager=sanlock configuration is correct (and it shouldn't
  be removed)
- you should set setenforce 0 (with lock_manager=sanlock) and try to
  start a VM; all the avc errors that you find in /var/log/messages
  and in /var/log/audit/audit.log should be used to open a selinux
  policy bug

-- 
Federico