I opened https://bugzilla.redhat.com/show_bug.cgi?id=877715 on vdsm
On Sun, Nov 18, 2012 at 11:44 AM, Jorick Astrego <[email protected]> wrote: > Cristian, > > This is the link for bug reports: > > https://bugzilla.redhat.com/enter_bug.cgi?product=oVirt > > Regards, > > Jorick > > > On 11/17/2012 06:16 PM, Cristian Falcas wrote: > > Please let me know how to do this, or if it's enough the bellow info. > > In the logs I found this when trying to activate the storage: > > Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123 > [13385]: open error -13 /rhev/data-center/mnt/_media_ > ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids > Nov 17 16:57:58 localhost sanlock[11899]: 2012-11-17 16:57:58+0200 29123 > [13385]: s1956 open_disk > /rhev/data-center/mnt/_media_ceva2_Ovirt_Storage/f021f6dd-0f88-4d5e-842f-b54e8cb5f846/dom_md/ids > error -13 > Nov 17 16:57:59 localhost setroubleshoot: SELinux is preventing > /usr/sbin/sanlock from search access on the directory Storage. For complete > SELinux messages. run sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc > Nov 17 16:58:01 localhost vdsm TaskManager.Task ERROR > Task=`eb4b34ff-04a8-4d12-9338-ebce08f554ca`::Unexpected error > > Running the sealert command : > > > root@localhost log]# sealert -l 026bd86b-153c-403a-ab2d-043e381be6cc > SELinux is preventing /usr/sbin/sanlock from search access on the > directory Storage. > > ***** Plugin catchall (100. confidence) suggests > *************************** > > If you believe that sanlock should be allowed search access on the Storage > directory by default. > Then you should report this as a bug. > You can generate a local policy module to allow this access. > Do > allow this access for now by executing: > # grep sanlock /var/log/audit/audit.log | audit2allow -M mypol > # semodule -i mypol.pp > > > Additional Information: > Source Context system_u:system_r:sanlock_t:s0-s0:c0.c1023 > Target Context unconfined_u:object_r:public_content_rw_t:s0 > Target Objects Storage [ dir ] > Source sanlock > Source Path /usr/sbin/sanlock > Port <Unknown> > Host localhost.localdomain > Source RPM Packages sanlock-2.4-2.fc17.x86_64 > Target RPM Packages > Policy RPM selinux-policy-3.10.0-159.fc17.noarch > Selinux Enabled True > Policy Type targeted > Enforcing Mode Enforcing > Host Name localhost.localdomain > Platform Linux localhost.localdomain > 3.6.6-1.fc17.x86_64 #1 > SMP Mon Nov 5 21:59:35 UTC 2012 x86_64 x86_64 > Alert Count 1980 > First Seen 2012-11-16 11:03:19 EET > Last Seen 2012-11-17 16:58:18 EET > Local ID 026bd86b-153c-403a-ab2d-043e381be6cc > > Raw Audit Messages > type=AVC msg=audit(1353164298.898:5507): avc: denied { search } for > pid=13449 comm="sanlock" name="Storage" dev="dm-12" ino=4456450 > scontext=system_u:system_r:sanlock_t:s0-s0:c0.c1023 > tcontext=unconfined_u:object_r:public_content_rw_t:s0 tclass=dir > > > type=SYSCALL msg=audit(1353164298.898:5507): arch=x86_64 syscall=open > success=no exit=EACCES a0=7f50b80009c8 a1=105002 a2=0 a3=0 items=0 ppid=1 > pid=13449 auid=4294967295 uid=179 gid=179 euid=179 suid=179 fsuid=179 > egid=179 sgid=179 fsgid=179 tty=(none) ses=4294967295 comm=sanlock > exe=/usr/sbin/sanlock subj=system_u:system_r:sanlock_t:s0-s0:c0.c1023 > key=(null) > > Hash: sanlock,sanlock_t,public_content_rw_t,dir,search > > audit2allow > > #============= sanlock_t ============== > allow sanlock_t public_content_rw_t:dir search; > > audit2allow -R > > #============= sanlock_t ============== > allow sanlock_t public_content_rw_t:dir search; > > > On Fri, Nov 16, 2012 at 7:51 PM, Federico Simoncelli > <[email protected]>wrote: > >> ----- Original Message ----- >> > From: "Cristian Falcas" <[email protected]> >> > To: "Federico Simoncelli" <[email protected]> >> > Cc: "Jorick Astrego" <[email protected]>, [email protected] >> > Sent: Friday, November 16, 2012 6:47:50 PM >> > Subject: Re: [Users] could not add local storage domain >> > >> > it's working for me with the latest files. >> > >> > Current issues: >> > - You need to create the db user as superuser >> > - disable selinux. >> >> Can you grab the relevant AVC errors and report them in a bug? >> >> Thanks, >> -- >> Federico >> > > > > -- > Met vriendelijke groet, > > Jorick Astrego > > Netbulae B.V. > Staalsteden 4-13 > 7547 TA Enschede > > Tel. +31 (0)53 - 20 30 270 > > Email: [email protected] > Site: http://www.netbulae.eu > >
_______________________________________________ Users mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/users
