[one-users] SELinux prevents KVM deployment
Дмитрий Усталов
dmitry at eveel.ru
Sun Sep 11 06:51:30 PDT 2011
Hello.
I'm trying to deploy OpenNebula 2.2.1 cluster with following
configuration:
1) `cf` (cloud front-end) node — oned + sunstone.
2) `one1` node — worker host using im_kvm, vmm_kvm, tm_ssh (host is
perfectly monitored by oned @ cf).
On one1 node I have Scientific Linux 6.1 installed with SELinux working
in enforcing targeted mode.
When I've tried to execute the sample VM with ttylinux
( http://opennebula.org/documentation:rel2.2:vmg ), my ttylinux VM fails
because of permission denied to disk image (the relevant oned.log
fragment is attached).
I guess, that is the trouble in security context so I've tried to modify
the tm_clone.sh script with chcon (like this:
http://equivocation.org/node/122 ), but nothing happened (the modified
script with `ls -laZR` output are attached, too).
Please, tell what should I do to make me, OpenNebula & SELinux happy
togeter.
Thanks.
--
Dmitry A. Ustalov
http://balcone.eveel.ru/
icq:1996961 xmpp:eveel at xmpp.ru
-------------- next part --------------
# ls -laZR
.:
drwxrwxr-x. oneadmin oneadmin unconfined_u:object_r:user_home_t:s0 .
drwxrwxr-x. oneadmin oneadmin unconfined_u:object_r:user_home_t:s0 ..
drwxrwxr-x. oneadmin oneadmin unconfined_u:object_r:user_home_t:s0 images
./images:
drwxrwxr-x. oneadmin oneadmin unconfined_u:object_r:user_home_t:s0 .
drwxrwxr-x. oneadmin oneadmin unconfined_u:object_r:user_home_t:s0 ..
-rw-rw-r--. oneadmin oneadmin unconfined_u:object_r:user_home_t:s0 deployment.0
-rw-rw-rw-. root root system_u:object_r:var_t:s0 disk.0
-------------- next part --------------
A non-text attachment was scrubbed...
Name: oned.log
Type: text/x-log
Size: 3018 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20110911/aa65c1b0/attachment-0004.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: tm_clone.sh
Type: application/x-shellscript
Size: 1943 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20110911/aa65c1b0/attachment-0005.bin>
More information about the Users
mailing list