[Pacemaker] [RFC] working selinux policy module for pacemaker

Andrew Beekhof andrew at beekhof.net
Fri Feb 22 02:45:21 EST 2013


On Fri, Feb 22, 2013 at 4:55 PM, Vladislav Bogdanov
<bubble at hoster-ok.com> wrote:
> 04.01.2013 13:56, Andrew Beekhof wrote:
>> On Fri, Jan 4, 2013 at 4:27 PM, Vladislav Bogdanov <bubble at hoster-ok.com> wrote:
>>> 04.01.2013 06:07, Andrew Beekhof wrote:
>>>> On Wed, Dec 19, 2012 at 7:33 PM, Vladislav Bogdanov
>>>> <bubble at hoster-ok.com> wrote:
>>>>> Hi all,
>>>>>
>>>>> I'd like to share my successful attempt to confine pacemaker.
>>>>>
>>>>> I took the bare-bones pacemaker module found in Fedora's latest selinux-policy (3.11.1-64.fc18) and
>>>>> extended it a bit, so now I have pacemaker and some pacemaker-managed services
>>>>> running confined.
>>>>
>>>> Sweet. I've passed your amendments on to Milos who is looking after
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=801493
>>>
>>> I've extended it a bit more to run stonithd in fenced_t domain, so now
>>> everything I can imagine runs fine (verified on two clusters, including
>>> one with libvirt/qemu virtualization).
>>
>> Nice work :)
>>
>>> Where is the best place to follow up with that?
>>
>> Probably the redhat bug.
>
> I'm afraid not.
>
> It was just closed, and, looking at the errata package, I do not see any
> way to run any confined service with that.
>
> I saw your question about the possibility of running resources there in a
> bug report, but unfortunately I'm not allowed to see the replies. Is it
> answered at all?

grumble.
/me goes off to kick somebody



