Re: [ovirt-users] SELinux and oVirt

Hi Michal, I re-installed the OS and then oVirt on that node, with SELinux enabled, and that has resolved the issue. Thanks for your help. Cheers, Cam On Wed, May 25, 2016 at 7:24 PM, Michal Skrivanek wrote: > > > On 25 May 2016, at 19:29, Cam Mac

Re: [ovirt-users] SELinux and oVirt

> On 25 May 2016, at 19:29, Cam Mac wrote: > > Hi Michal, > > Ran restorecon -r on '/' (and restarted vdsmd and other services): it is > still getting selinux errors. I'd like to keep selinux running, especially as > it is officially supported Yeah. Hm, dunno why it

Re: [ovirt-users] SELinux and oVirt

Hi Michal, Ran restorecon -r on '/' (and restarted vdsmd and other services): it is still getting selinux errors. I'd like to keep selinux running, especially as it is officially supported (and works on the other node), so I guess the best option is to reinstall the OS and then install ovirt

Re: [ovirt-users] SELinux and oVirt

> On 25 May 2016, at 19:12, Cam Mac wrote: > > I'll try that - presumably on the paths it is complaining about, and the qemu > binarys? It shouldn't hurt on /, it should only help:) And if it complains e.g. on attached nfs, the i suppose you need to run it there too >

Re: [ovirt-users] SELinux and oVirt

I'll try that - presumably on the paths it is complaining about, and the qemu binarys? On Wed, May 25, 2016 at 4:59 PM, Michal Skrivanek < michal.skriva...@redhat.com> wrote: > > On 25 May 2016, at 17:35, Cam Mac wrote: > > Hi Michal, > > I chose the 'reinstall node' option

Re: [ovirt-users] SELinux and oVirt

> On 25 May 2016, at 17:35, Cam Mac wrote: > > Hi Michal, > > I chose the 'reinstall node' option from the GUI menu, which appeared to go > ok, however, I still cannot create or migrate a VM on that node. I can see > selinux 'denied' messages relating to qemu-kvm, e.g.: >

Re: [ovirt-users] SELinux and oVirt

Hi Michal, I chose the 'reinstall node' option from the GUI menu, which appeared to go ok, however, I still cannot create or migrate a VM on that node. I can see selinux 'denied' messages relating to qemu-kvm, e.g.: type=AVC msg=audit(1464189232.136:251): avc: denied { read } for pid=4019

Re: [ovirt-users] SELinux and oVirt

Ah, ok that makes sense. For the node, is it enough to use the 'reinstall node' option from the GUI, or is it better to reinstall the OS and then deploy it again? Thanks, Cam On Wed, May 11, 2016 at 2:40 PM, Michal Skrivanek < michal.skriva...@redhat.com> wrote: > > On 11 May 2016, at 15:24,

Re: [ovirt-users] SELinux and oVirt

> On 11 May 2016, at 15:24, Cam Mac wrote: > > Thanks Michal, if reinstalling the engine, (which also had SELinux disabled > at install), would the best way be to backup the engine and then restore just > the ovirt config? for engine..well, VM security is not related to

Re: [ovirt-users] SELinux and oVirt

> On 11 May 2016, at 15:02, Cam Mac wrote: > > Hi, > > In the oVirt guide, it says that "SELinux is being used by default on oVirt > Node", but then goes on to say that if you have problems you should set it to > permissive mode. I have had a few things fail due to being

Re: [ovirt-users] selinux on oVirt Node

afaik you need to disable selinux by passing the relevant parameter direct via kernel boot options. search the ML or the net if you need the exact command line. HTH Am 23.05.2014 10:36, schrieb Simon Barrett: I set SELINUX=disabled in /etc/selinux/config and ran a persist

Re: [ovirt-users] selinux on oVirt Node

Policy from config file:targeted # cat /selinux/enforce 0 Thanks for the information. Simon -Original Message- From: users-boun...@ovirt.org [mailto:users-boun...@ovirt.org] On Behalf Of Sven Kieske Sent: 23 May 2014 09:45 To: users@ovirt.org Subject: Re: [ovirt-users] selinux