On 12/16/2016 03:47 PM, lejeczek wrote:
> hi everyone,
>
> I've a guest whose image resides on a gluster vol, with selinux I see:
>
> virsh # start rhel-work2
> error: Failed to start domain rhel-work2
> error: internal error: qemu unexpectedly closed the monitor:
> (process:57641): GLib-WARNING **: gmem.c:482: custom memory allocation
> vtable not supported
> [2016-12-16 14:35:31.748659] E [MSGID: 104007]
> [glfs-mgmt.c:637:glfs_mgmt_getspec_cbk] 0-glfs-mgmt: failed to fetch
> volume file (key:QEMU-VMs) [Invalid argument]
> 2016-12-16T14:35:32.728242Z qemu-kvm: -drive
> file=gluster://127.0.0.1/QEMU-VMs/rhel-work2.qcow2,format=raw,if=none,id=drive-virtio-disk0:
> Gluster connection failed for server=127.0.0.1 port=0 volume=QEMU-VMs
> image=rhel-work2.qcow2 transport=tcp: Permission denied
>
> an attempt to catch sealerts I see only:
>
> ]$ ausearch -ts 14:28 | egrep -i '(virt|glust|qem)' | audit2allow
>

Please provide the output of ausearch | egrep without audit2allow. Raw AVC messages help to better understand the problem, and an investigator can use audit2allow himself.

> #============= svirt_t ==============
>
> #!!!! WARNING: 'unlabeled_t' is a base type.
> allow svirt_t unlabeled_t:dir write;
>
> and probably a lot more.
> Before I start looking at silent denials - would there be a boolean for
> libvirt+gluster ?
>

Try Red Hat Gluster Storage chapter [1]

[1] https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/SELinux_Users_and_Administrators_Guide/index.html#chap-Managing_Confined_Services-glusterFS

Petr
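Added example, not part of the thread and not written by either poster: a small parser showing what a raw AVC record carries (process name, object name or path, device, inode, full contexts) next to the one-line rule that audit2allow reduces it to. The sample records are constructed for illustration; `example-dir`, `example_file_t` and the path are assumptions, not values from the poster's system.

```python
import re

# Constructed sample in raw audit.log format (not taken from the thread).
SAMPLE = """\
type=AVC msg=audit(1481898931.748:512): avc:  denied  { write } for  pid=57641 comm="qemu-kvm" name="example-dir" dev="dm-0" ino=1234 scontext=system_u:system_r:svirt_t:s0:c10,c20 tcontext=system_u:object_r:unlabeled_t:s0 tclass=dir
type=AVC msg=audit(1481898932.100:513): avc:  denied  { read open } for  pid=57641 comm="qemu-kvm" path="/example/images/disk.img" dev="dm-0" ino=5678 scontext=system_u:system_r:svirt_t:s0:c10,c20 tcontext=system_u:object_r:example_file_t:s0 tclass=file
type=SYSCALL msg=audit(1481898932.100:513): arch=c000003e syscall=2 success=no exit=-13 comm="qemu-kvm"
"""

AVC_RE = re.compile(r"avc:\s+(denied|granted)\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for one raw AVC record, or None for other record types."""
    if not line.startswith("type=AVC"):
        return None
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(3))}
    rec["result"] = m.group(1)
    rec["perms"] = m.group(2).split()
    for side in ("scontext", "tcontext"):
        # A context is user:role:type:level; the type is always the third field.
        rec[side + "_type"] = rec[side].split(":")[2]
    return rec

def summarize(log_text):
    """Pair each denial's audit2allow-style rule with the detail that rule omits."""
    out = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        perms = rec["perms"][0] if len(rec["perms"]) == 1 else "{ %s }" % " ".join(rec["perms"])
        rec["rule"] = "allow %s %s:%s %s;" % (
            rec["scontext_type"], rec["tcontext_type"], rec["tclass"], perms)
        # Fields that identify the actual object; none of them survive into the rule.
        rec["detail"] = {k: rec[k] for k in ("comm", "name", "path", "dev", "ino") if k in rec}
        # unlabeled_t on the target points at a labeling problem, not a missing rule.
        rec["unlabeled_target"] = rec["tcontext_type"] == "unlabeled_t"
        out.append(rec)
    return out

if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(r["rule"], r["detail"], "UNLABELED" if r["unlabeled_target"] else "")
```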