[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Linux-cluster] unable to live migrate a vm in rh el 6: Migration unexpectedly failed



On Mon, Mar 07, 2011 at 11:10:08PM +0100, Gianluca Cecchi wrote:
> On Mon, 7 Mar 2011 16:52:00 -0500 Lon Hohberger wrote:
> 
> > Check /var/log/audit/audit.log for an AVC denial around self:capability
> > setpcap for xm_t?
> 
> Uhm,
> SElinux is disabled on both nodes (I'll cross check tomorrow anyway)
> and auditd is chkconfig off too (even if I notice in rh el 6 many
> audit messages related to cron writing in /var/log/messages...)
> Could it be of any help an "strace -f" of the virsh command where I
> can see the ssh and netcat forked calls but am not able to identify
> the point where eventually there is something strange?
> 

Nothing comes to mind; in my RHEL6 development cluster, I have a
custom SELinux policy:

#==== cut 

module clusterlocal 1.0;

require {
        type xm_t;
        type debugfs_t;
        type fenced_t;
        type mount_t;
        type telnetd_port_t;
        class capability setpcap;
        class tcp_socket name_connect;
        class dir mounton;
}

allow fenced_t telnetd_port_t:tcp_socket name_connect;
allow mount_t debugfs_t:dir mounton;
allow xm_t self:capability setpcap;

#=== end cut

And the following firewall rules:

-A INPUT -p tcp -m state --state NEW -m multiport --dports 21064 -j
ACCEPT
-A INPUT -p tcp -m state --state NEW -m multiport --dports 11111 -j
ACCEPT
-A INPUT -p udp -m state --state NEW -m multiport --dports 5404,5405 -j
ACCEPT

I'm using bridging (as documented in the RHEL6 documentation) and
everything pretty much just works.

Are you seeing any other notable behaviors, besides the migration
failing?

-- 
Lon Hohberger - Red Hat, Inc.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]