On Sun, 2012-10-14 at 19:11 -0400, Federico Simoncelli wrote: > ----- Original Message ----- > > From: "Alexandre Santos" <santosa...@gmail.com> > > To: "Dan Kenigsberg" <dan...@redhat.com> > > Cc: "Haim Ateya" <hat...@redhat.com>, users@ovirt.org, "Federico > > Simoncelli" <fsimo...@redhat.com> > > Sent: Sunday, October 14, 2012 7:23:36 PM > > Subject: Re: [Users] Can't start a VM - sanlock permission denied > > > > 2012/10/13 Dan Kenigsberg < dan...@redhat.com > > > > > On Sat, Oct 13, 2012 at 11:25:37AM +0100, Alexandre Santos wrote: > > > Hi, > > > after getting to the oVirt Node console (F2) I figured out that > > > selinux > > > wasn't allowing the sanlock, so I entered the setsebool > > > virt_use_sanlock 1 > > > and the problem is fixed. > > > > Which version of vdsm is istalled on your node? and which > > selinux-policy? sanlock should work out-of-the-box. > > > > > > vdsm-4.10.0-10.fc17 > > > > on /etc/sysconfig/selinux > > SELINUX=enforcing > > SELINUXTYPE=targeted > > As far as I understand the selinux policies for the ovirt-node are set > by recipe/common-post.ks (in the ovirt-node repo): > > semanage boolean -m -S targeted -F /dev/stdin << \EOF_semanage > allow_execstack=0 > virt_use_nfs=1 > EOF_semanage > > We should update it with what vdsm is currently setting: > > virt_use_sanlock=1 > sanlock_use_nfs=1 >
Shouldn't vdsm be setting these if they're needed? I can certainly set the values, but IMO, if vdsm needs it, vdsm should set it. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users