[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] sanlock: Enhance error message to point to possible problem with selinux



On Thu, Mar 15, 2012 at 05:23:09PM +0100, Peter Krempa wrote:
> If the connection to the sanlock daemon is forbidden by selinux the
> error message was not clear enough. This patch adds a check if proper
> configuration for selinux is used while trying to connect to sanlock.
> 
> *src/locking/lock_driver_sanlock.c:
>         - add macro virLockSystemError that checks for selinux and
>           reports an improved error message
>         - modify calls of virReportSystemError to the new macro in
>           apropriate places
> 
> Background:
> https://bugzilla.redhat.com/show_bug.cgi?id=770488

IMHO this is not something we should do here. You're outputing the
message regardless of whether there is even an NFS volume involved,
and harcoding details of the SELinux policy. Finally I don't think
we should blindly tell people to change SELinux tunables without
explaining the implications, which is not practical in an error
message.

So, IMHO, this belongs in documentation, not in the error messages
here.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]