----- Original Message -----
> From: "Brian Vetter" <[email protected]>
> To: [email protected]
> Cc: [email protected]
> Sent: Wednesday, October 24, 2012 6:34:07 AM
> Subject: [Users] SELinux policy issue with oVirt/sanlock
>
> I get the following AVC msg when trying to run a VM from the ovirt
> admin tool:
>
> type=AVC msg=audit(1351051834.851:720): avc: denied { read } for
> pid=979 comm="sanlock" name="8798edc0-dbd2-466d-8be9-1997f63e196f"
> dev="dm-4" ino=3145737
> scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023
> tcontext=system_u:object_r:mnt_t:s0 tclass=lnk_file
>
> The file it is attempting to read I believe (from the sanlock.log
> file) is the following:
>
> # ls -lZ
> /rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a9-495f-b5a6-4e8e035b56ea.lease
> -rw-rw----. vdsm kvm system_u:object_r:nfs_t:s0
>
> /rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/8798edc0-dbd2-466d-8be9-1997f63e196f/images/b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/71252c8f-68a9-495f-b5a6-4e8e035b56ea.lease

Hi Brian,
please run the following commands and paste your output:

getsebool -a | grep sanlock
cat /etc/libvirt/qemu.conf

>
> I'm no SELinux policy expert, so I'm not sure what is exactly wrong.
> The situation is that the VM image file is stored on an NFS file
> server (in this case, configured using NFSv3). Both the client and
> the server are fc17. The error occurs when trying to start the VM.
> The version of oVirt I am using is a recent nightly build
> (ovirt-engine -> 3.1.0-3.1345126685.git7649eed.fc17). I'd be making
> a wild guess that the sanlock process doesn't have rights to open
> some nfs resources but I'm way over the end of my skis.
>
> Brian
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.ovirt.org/mailman/listinfo/users
>
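
An added example, not part of the original thread: a small Python parser for the AVC record quoted above. It splits out the source and target contexts and reports which component of the lease path the record's name field refers to. The function names are made up for this illustration.

```python
import re

# AVC record and lease path copied from the message above (line wrapping removed).
AVC = ('type=AVC msg=audit(1351051834.851:720): avc: denied { read } for '
       'pid=979 comm="sanlock" name="8798edc0-dbd2-466d-8be9-1997f63e196f" '
       'dev="dm-4" ino=3145737 '
       'scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 '
       'tcontext=system_u:object_r:mnt_t:s0 tclass=lnk_file')
LEASE = ('/rhev/data-center/a8ea368c-bc08-4e10-81e7-c8439bf7bd35/'
         '8798edc0-dbd2-466d-8be9-1997f63e196f/images/'
         'b029b5a6-9eb3-4a34-ad03-1ac4386e8c7c/'
         '71252c8f-68a9-495f-b5a6-4e8e035b56ea.lease')

AVC_RE = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def split_context(ctx):
    # user:role:type[:level]; the MLS level may itself contain ':'.
    user, role, setype, *level = ctx.split(':', 3)
    return {'user': user, 'role': role, 'type': setype,
            'level': level[0] if level else None}

def parse_avc(line):
    m = AVC_RE.search(line)
    if m is None:
        raise ValueError('not an AVC record')
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    return {'result': m.group(1), 'perms': m.group(2).split(),
            'fields': fields,
            'source': split_context(fields['scontext']),
            'target': split_context(fields['tcontext'])}

def denied_path(rec, path):
    """Prefix of path ending at the component named in the record, or None."""
    parts = path.split('/')
    name = rec['fields'].get('name')
    if name in parts:
        return '/'.join(parts[:parts.index(name) + 1])
    return None

if __name__ == '__main__':
    rec = parse_avc(AVC)
    print('%s %s: %s -> %s (%s)' % (
        rec['result'], rec['perms'], rec['source']['type'],
        rec['target']['type'], rec['fields']['tclass']))
    print('object:', denied_path(rec, LEASE))
```

For this record the target is a `lnk_file` labelled `mnt_t` whose name matches the storage-domain directory component of the lease path, whereas the `ls -lZ` output shows the lease itself as a regular file labelled `nfs_t`.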

