seems like glusterfs.x86_64 0:3.7.18-1.el7 (from oVirt)
fixes it, problem exists in glusterfs-3.7.16-1.el7.x86_64
On 16/12/16 15:03, Petr Lautrbach wrote:
On 12/16/2016 03:47 PM, lejeczek wrote:
hi everyone,
I've a quest whose image resides on a gluster vol, with selinux I see:
virsh # start rhel-work2
error: Failed to start domain rhel-work2
error: internal error: qemu unexpectedly closed the monitor:
(process:57641): GLib-WARNING **: gmem.c:482: custom memory allocation
vtable not supported
[2016-12-16 14:35:31.748659] E [MSGID: 104007]
[glfs-mgmt.c:637:glfs_mgmt_getspec_cbk] 0-glfs-mgmt: failed to fetch
volume file (key:QEMU-VMs) [Invalid argument]
2016-12-16T14:35:32.728242Z qemu-kvm: -drive
file=gluster://127.0.0.1/QEMU-VMs/rhel-work2.qcow2,format=raw,if=none,id=drive-virtio-disk0:
Gluster connection failed for server=127.0.0.1 port=0 volume=QEMU-VMs
image=rhel-work2.qcow2 transport=tcp: Permission denied
an attempt to catch sealerts I see only:
]$ ausearch -ts 14:28 | egrep -i '(virt|glust|qem)' | audit2allow
Please provide the output of ausearch | egrep without audit2allow, Raw
AVC messages help to better understand the problem and an investigator
can use audit2allow himself
#============= svirt_t ==============
#!!!! WARNING: 'unlabeled_t' is a base type.
allow svirt_t unlabeled_t:dir write;
and probably a lot more.
Before I start looking at silent denials - would there be a boolean for
libvirt+gluster ?
Try Red Hat Gluster Storage chapter [1]
[1]
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/SELinux_Users_and_Administrators_Guide/index.html#chap-Managing_Confined_Services-glusterFS
Petr
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
