[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Linux-cluster] RHEL 5.3: Joining fence domain hangs when selinux is enabled

I'm assuming that you're running the Targeted policy and not the strict policy...

RHEL5 has a module for ccs, but I haven't taken it apart. The files for fencing may be incorrectly labeled or the policy doesn't allow fenced to run correctly.

Look at your /var/log/audit/audit.log files and see what's being denied. You may want to install sealert and setroubleshootd so you can browse the messages. First, check the file contexts of the files that are appearing in your audit logs.  Nothing should be default_t. If anything looks out of whack, try restoring the correct file contexts with restorecon and see if the file contexts have changed.  If you're feeling brave, you can start writing a custom policy module to permit fenced to start up.

The audit logs will tell you everything, and where you will need to start. I managed to knock out a policy for 389Server in about an hour, but I had the benefit of just coming back from Redhat's SELinux class.

On Wed, Aug 12, 2009 at 9:15 AM, de Jong, MarkJan <deJongm teoco com> wrote:

It seems that with selinux enabled, fencing hangs during ‘service cman start’.


When selinux is set to enforcing, the cman startup script hangs at “Starting fencing ….” and never times out.

There are NO logs related to the event in /var/log/audit/audit.log, nor anything telling in /var/log/messages. ‘fence_tool dump’ also does not provide any further details.


After setting selinux to permissive, fencing starts up without incident.


I’m using the following packages:





Let me know if I can provide any further info.



Mark de Jong





PLEASE NOTE: The information contained in this message is privileged and confidential, and is intended only for the use of the individual to whom it is addressed and others who have been specifically authorized to receive it. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, or if any problems occur with transmission, please contact sender. Thank you.

Linux-cluster mailing list
Linux-cluster redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]