On Mon, Jul 30, 2012 at 2:21 PM, Vladislav Bogdanov <bub...@hoster-ok.com> wrote:
> 30.07.2012 02:39, Andrew Beekhof wrote:
>> On Tue, Jul 24, 2012 at 2:25 PM, Vladislav Bogdanov
>> <bub...@hoster-ok.com> wrote:
>>> 24.07.2012 04:50, Andrew Beekhof wrote:
>>>> On Tue, Jul 24, 2012 at 5:38 AM, David Barchas <d...@barchas.com> wrote:
>>>>>
>>>>> On Monday, July 23, 2012 at 7:48 AM, David Barchas wrote:
>>>>>
>>>>> Date: Mon, 23 Jul 2012 14:15:27 +0300
>>>>> From: Vladislav Bogdanov
>>>>>
>>>>> 23.07.2012 08:06, David Barchas wrote:
>>>>>
>>>>> Hello.
>>>>>
>>>>> I have been working on this for 3 days now, and must be so stressed out
>>>>> that I am being blinded to what is probably an obvious cause of this. In
>>>>> a word, HELP.
>>>>>
>>>>> setenforce 0 ?
>>>>>
>>>>> I am familiar with it but have never had to disable it. I would be
>>>>> surprised for packages in standard repos.
>>>>
>>>> No-one has written an selinux policy for pacemaker yet.
>>>> I would imagine that will come in the next month or so.
>>>>
>>>
>>> Highly appreciated. However lrmd part may be not as easy to implement
>>> properly as it seems at the first glance.
>>>
>>
>> You basically have to let the lrmd run unconfined.
>> I don't think there is any sensible way to constrain something that,
>> by design, needs to be able to perform arbitrary actions as root.
>> To do otherwise you would need to enumerate every possible service +
>> agent that anyone would ever want to write.
>
> Will it (kernel and policy engine) make transition from unconfined_t to
> appropriate selinux roles when services are started?

One would hope so, I don't have enough selinux knowledge to know for sure.

_______________________________________________
Pacemaker mailing list: Pacemaker@oss.clusterlabs.org
http://oss.clusterlabs.org/mailman/listinfo/pacemaker

Project Home: http://www.clusterlabs.org
Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf
Bugs: http://bugs.clusterlabs.org