"We still do not fully understand the issue - specifically, why it does not happen in enforcing mode."
So my personal advice is to set SELinux in enforcing mode and wait for the next update to verify if this solves the issue.
Regards Il 7/6/22 11:59, Guillaume Pavese ha scritto:
I just had the same problem while upgrading a host from ovirt-node 4.4.10 to 4.5.1 This is all the more surprising since this host had selinux in permissive mode, I would not expect any selinux failures in that case.[root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --force Checking configuration status... lvm is configured for vdsm Managed volume database is already configured libvirt is already configured for vdsm SUCCESS: ssl configured to true. No conflicts Current revision of multipath.conf detected, preserving sanlock is configured for vdsm Running configure... libsepol.context_from_record: type insights_client_cache_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:object_r:insights_client_cache_t:s0 to sid invalid context system_u:object_r:insights_client_cache_t:s0 libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 255. Traceback (most recent call last): File "/bin/vdsm-tool", line 209, in main return tool_command[cmd]["command"](*args) File "/usr/lib/python3.6/site-packages/vdsm/tool/__init__.py", line 40, in wrapper func(*args, **kwargs) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 146, in configure _configure(c) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 93, in _configure getattr(module, 'configure', lambda: None)() File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 88, in configure _setup_booleans(True) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 60, in _setup_booleans sebool_obj.finish() File "/usr/lib/python3.6/site-packages/seobject.py", line 340, in finish self.commit() File "/usr/lib/python3.6/site-packages/seobject.py", line 330, in commit rc = semanage_commit(self.sh) OSError: [Errno 0] Error [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --module sebool Checking configuration status... Running configure... libsepol.context_from_record: type insights_client_cache_t is not defined libsepol.context_from_record: could not create context structure libsepol.context_from_string: could not create context structure libsepol.sepol_context_to_sid: could not convert system_u:object_r:insights_client_cache_t:s0 to sid invalid context system_u:object_r:insights_client_cache_t:s0 libsemanage.semanage_validate_and_compile_fcontexts: setfiles returned error code 255. Traceback (most recent call last): File "/bin/vdsm-tool", line 209, in main return tool_command[cmd]["command"](*args) File "/usr/lib/python3.6/site-packages/vdsm/tool/__init__.py", line 40, in wrapper func(*args, **kwargs) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 146, in configure _configure(c) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurator.py", line 93, in _configure getattr(module, 'configure', lambda: None)() File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 88, in configure _setup_booleans(True) File "/usr/lib/python3.6/site-packages/vdsm/tool/configurators/sebool.py", line 60, in _setup_booleans sebool_obj.finish() File "/usr/lib/python3.6/site-packages/seobject.py", line 340, in finish self.commit() File "/usr/lib/python3.6/site-packages/seobject.py", line 330, in commit rc = semanage_commit(self.sh) OSError: [Errno 0] Error [root@ps-inf-int-kvm-fr-302-210 ~]# semodule -i /usr/share/selinux/packages/ovirt-vmconsole/ovirt_vmconsole.pp [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --module sebool Checking configuration status... Running configure... Done configuring modules to VDSM. [root@ps-inf-int-kvm-fr-302-210 ~]# vdsm-tool configure --force Checking configuration status... Managed volume database is already configured lvm is configured for vdsm sanlock is configured for vdsm Current revision of multipath.conf detected, preserving libvirt is already configured for vdsm SUCCESS: ssl configured to true. No conflicts Running configure... Reconfiguration of passwd is done. Reconfiguration of libvirt is done. Done configuring modules to VDSM. Then I had to put the host into maintenance and reinstall it Guillaume Pavese IngénieurSystèmeet Réseau Interactiv-GroupOn Sat, Nov 20, 2021 at 2:22 AM <jason.rach...@gmail.com <mailto:jason.rach...@gmail.com>> wrote:This was a lifesaver. Thanks! I knew it was selinux, but didn't have the right .pp file. Thanks! _______________________________________________ Users mailing list -- users@ovirt.org <mailto:users@ovirt.org> To unsubscribe send an email to users-le...@ovirt.org <mailto:users-le...@ovirt.org> Privacy Statement: https://www.ovirt.org/privacy-policy.html <https://www.ovirt.org/privacy-policy.html> oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ <https://www.ovirt.org/community/about/community-guidelines/> List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/C7PXICFXDLE77GFC762VCVIOTDK7ODBJ/ <https://lists.ovirt.org/archives/list/users@ovirt.org/message/C7PXICFXDLE77GFC762VCVIOTDK7ODBJ/>Ce message et toutes les pièces jointes (ci-après le “message”) sont établis à l’intention exclusive de ses destinataires et sont confidentiels. Si vous recevez ce message par erreur, merci de le détruire et d’en avertir immédiatement l’expéditeur. Toute utilisation de ce message non conforme a sa destination, toute diffusion ou toute publication, totale ou partielle, est interdite, sauf autorisation expresse. L’internet ne permettant pas d’assurer l’intégrité de ce message . Interactiv-group (et ses filiales) décline(nt) toute responsabilité au titre de ce message, dans l’hypothèse ou il aurait été modifié. IT, ES, UK. <https://interactiv-group.com/disclaimer.html>_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QUZQNSBOM5EWMRRD26WMA2UG5YIQNH3M/
-- gb PGP Key: http://pgp.mit.edu/ Primary key fingerprint: C510 0765 943E EBED A4F2 69D3 16CC DC90 B9CB 0F34
smime.p7s
Description: Firma crittografica S/MIME
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/EKV5BU2EQGN5CUHIUF4VQLYS57JDFVIT/
