[Pacemaker] None of the standard agents in ocf:heartbeat are working in centos 6
Vladislav Bogdanov
bubble at hoster-ok.com
Mon Jul 30 00:21:12 EDT 2012
30.07.2012 02:39, Andrew Beekhof wrote:
> On Tue, Jul 24, 2012 at 2:25 PM, Vladislav Bogdanov
> <bubble at hoster-ok.com> wrote:
>> 24.07.2012 04:50, Andrew Beekhof wrote:
>>> On Tue, Jul 24, 2012 at 5:38 AM, David Barchas <dave at barchas.com> wrote:
>>>>
>>>> On Monday, July 23, 2012 at 7:48 AM, David Barchas wrote:
>>>>
>>>>
>>>> Date: Mon, 23 Jul 2012 14:15:27 +0300
>>>> From: Vladislav Bogdanov
>>>>
>>>> 23.07.2012 08:06, David Barchas wrote:
>>>>
>>>> Hello.
>>>>
>>>> I have been working on this for 3 days now, and must be so stressed out
>>>> that I am being blinded to what is probably an obvious cause of this. In
>>>> a word, HELP.
>>>>
>>>>
>>>> setenforce 0 ?
>>>>
>>>> i am familiar with it but have never had to disable it. I would be surprised
>>>> for packages in standard repos.
>>>
>>> No-one has written an selinux policy for pacemaker yet.
>>> I would imagine that will come in the next month or so.
>>>
>>
>> Highly appreciated. However lrmd part may be not as easy to implement
>> properly as it seems at the first glance.
>>
>
> You basically have to let the lrmd run unconfined.
> I don't think there is any sensible way to constraint something that,
> by design, needs to be able to perform arbitrary actions as root.
> To do otherwise you would need to enumerate every possible service +
> agent that anyone would ever want to write.
Will it (kernel and policy engine) make transition from unconfined_t to
appropriate selinux roles when services are stared?
More information about the Pacemaker
mailing list