22.02.2013 10:45, Andrew Beekhof wrote: > On Fri, Feb 22, 2013 at 4:55 PM, Vladislav Bogdanov > <bub...@hoster-ok.com> wrote: >> 04.01.2013 13:56, Andrew Beekhof wrote: >>> On Fri, Jan 4, 2013 at 4:27 PM, Vladislav Bogdanov <bub...@hoster-ok.com> >>> wrote: >>>> 04.01.2013 06:07, Andrew Beekhof wrote: >>>>> On Wed, Dec 19, 2012 at 7:33 PM, Vladislav Bogdanov >>>>> <bub...@hoster-ok.com> wrote: >>>>>> Hi all, >>>>>> >>>>>> I'd like to share my successful attempt to confine pacemaker. >>>>>> >>>>>> I took pacemaker module barebone found in latest fedora's selinux-policy >>>>>> (3.11.1-64.fc18) and >>>>>> extended it a bit, so now I have pacemaker and some pacemaker-managed >>>>>> services >>>>>> running confined. >>>>> >>>>> Sweet. I've passed your amendments on to Milos who is looking after >>>>> https://bugzilla.redhat.com/show_bug.cgi?id=801493 >>>> >>>> I've extended it a bit more to run stonithd in fenced_t domain, so now >>>> everything I can imagine runs fine (verified on two clusters, including >>>> one with libvirt/qemu virtualization). >>> >>> Nice work :) >>> >>>> Where is the best place to follow up with that? >>> >>> Probably the redhat bug. >> >> I'm afraid no. >> >> It was just closed, and, looking at the errata package, I do not see any >> way to run any confined service with that. >> >> I saw your question about possibility to run resources there in a >> bug-report, but unfortunately I'm not allowed to see replies. Is it >> answered at all? > > grumble. > /me goes off to kick somebody
You forgot to add "working tested" between "create" and "policy" in a bug subject. Anyways, such bug resolution is absolutely counter-productive imho. _______________________________________________ Pacemaker mailing list: Pacemaker@oss.clusterlabs.org http://oss.clusterlabs.org/mailman/listinfo/pacemaker Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
