Hi all, I've been using KVM-based VMs as a testbed for clusters for ages, always using fence_virsh.
I noticed today though that fence_virsh is now being blocked by selinux (rhel 6.7, fully updated as of today): type=AVC msg=audit(1441752343.878:3269): avc: denied { execute } for pid=8848 comm="fence_virsh" name="ssh" dev=vda2 ino=2103935 scontext=unconfined_u:system_r:fenced_t:s0 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=file type=SYSCALL msg=audit(1441752343.878:3269): arch=c000003e syscall=21 success=no exit=-13 a0=1a363a0 a1=1 a2=7f02aa7f89e8 a3=7ffdff0dc7c0 items=0 ppid=7759 pid=8848 auid=0 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=27 comm="fence_virsh" exe="/usr/bin/python" subj=unconfined_u:system_r:fenced_t:s0 key=(null) t [root@node1 ~]# rpm -q fence-agents cman corosync fence-agents-4.0.15-8.el6.x86_64 cman-3.0.12.1-73.el6.1.x86_64 corosync-1.4.7-2.el6.x86_64 [root@node1 ~]# cat /etc/redhat-release Red Hat Enterprise Linux Server release 6.7 (Santiago) I'll post a follow-up if I can sort out how to fix it. My selinux-fu is weak... -- Digimer Papers and Projects: https://alteeve.ca/w/ What if the cure for cancer is trapped in the mind of a person without access to education? _______________________________________________ Users mailing list: Users@clusterlabs.org http://clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org