
Enable SELinux permissive / enforcing for Virtual Fire Drill

Created: 11 Jan 2011 • Updated: 02 May 2011 | 4 comments
gafelli
Status: On Roadmap

Virtual fire drill sometimes fails in oracle.vfd and getid when running the virtual fire drill. Linux permissions, however, are identical. For example:

[root@a0-27 ~]#   hares -action ora_rac_res owner.vfd -sys a0-28
VCS WARNING V-16-20002-13325 Resource (ora_rac_res) - action (owner.vfd) failed with return value (1). Output is:
user oracle or group id differs from that on system a0-27

Can the owner.vfd and getid Perl scripts be modified to ignore the SELinux context?

This suggestion / enhancement came out of case 413-222-064 where LBN shows that SELinux must be disabled:

http://www.symantec.com/business/support/index?pag...

However, this would be a useful security enhancement to be able to use it.

Comments

maxan

A suggestion added to this is either to modify the owner.vfd script to look only at the columns regarding UID and GID, or to change the reported result in the VOM interface so it clearly states why the test fails: different contexts.

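Added example (not part of the thread, and not the VCS owner.vfd or getid scripts, which are Perl): a shell sketch of the comparison suggested above, matching only the numeric UID and GID and reporting when the remaining difference is in other fields such as the SELinux context. It assumes the check compares `id`-style output between systems; the sample lines and the function names uid_gid and compare_reason are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample `id` output for the same account on three systems.
# A and B differ only in the SELinux context; C has a different UID.
ID_NODE_A='uid=501(oracle) gid=501(oinstall) groups=501(oinstall),502(dba) context=user_u:system_r:unconfined_t'
ID_NODE_B='uid=501(oracle) gid=501(oinstall) groups=501(oinstall),502(dba) context=root:system_r:unconfined_t'
ID_NODE_C='uid=502(oracle) gid=501(oinstall) groups=501(oinstall),502(dba)'

# Print "<uid> <gid>" (numeric only) from one line of id output.
# Prints nothing when the line does not start with uid=N ... gid=N.
uid_gid() {
    printf '%s\n' "$1" |
        sed -n 's/^uid=\([0-9][0-9]*\)[^ ]* gid=\([0-9][0-9]*\).*$/\1 \2/p'
}

# Compare two id lines on UID/GID only and say why they differ, so a
# context-only difference is not reported as an ownership mismatch.
# Returns 0 when UID and GID match, 1 otherwise.
compare_reason() {
    a=$(uid_gid "$1")
    b=$(uid_gid "$2")
    if [ -z "$a" ] || [ -z "$b" ]; then
        echo "unparseable id output"
        return 1
    elif [ "$a" != "$b" ]; then
        echo "uid/gid differ: $a vs $b"
        return 1
    elif [ "$1" != "$2" ]; then
        echo "uid/gid match; other fields (groups/context) differ"
    else
        echo "identical"
    fi
    return 0
}

# A plain string comparison of A and B fails because of context=,
# while the field-based comparison passes.
if [ "$ID_NODE_A" != "$ID_NODE_B" ]; then
    echo "whole-line comparison: differs"
fi
echo "A vs B: $(compare_reason "$ID_NODE_A" "$ID_NODE_B")"
echo "A vs C: $(compare_reason "$ID_NODE_A" "$ID_NODE_C")"
```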
Ranga Rajagopalan

Please can you specify which product (SFCFS? SF/HA?) you are using? As noted in the LBN, we do not support SFCFS for Oracle, SF Oracle, SFCFS-RAC and SF DB2 with SELinux enabled. Do you observe the above issue when using any of the products that we support with SELinux enabled?

gafelli

This is SF HA 5.0 MP3 on Red Hat 5.

rpm -qa shows:

VRTSvcs-5.0.30.00-MP3_RHEL5

VRTSvxfs-common-5.0.30.00-MP3_RHEL5

VRTSvxvm-common-5.0.30.00-MP3_RHEL5

Ranga Rajagopalan

Thanks for the valuable suggestion - we have factored this into the roadmap for the next VCS release and will also explore back-porting the fix to earlier releases.
