Enable selinux permissive / enforcing for Virtual Fire Drill
Created: 11 Jan 2011 | Updated: 02 May 2011 | 4 comments
Status:
On Roadmap
Virtual fire drill sometimes fails in oracle.vfd and getid when running the virtual fire drill. Linux permissions, however, are identical. For example:
[root@a0-27 ~]# hares -action ora_rac_res owner.vfd -sys a0-28
VCS WARNING V-16-20002-13325 Resource (ora_rac_res) - action (owner.vfd) failed with return value (1). Output is:
user oracle or group id differs from that on system a0-27
Can the owner.vfd and getid Perl scripts be modified to ignore the SELinux context?
This suggestion / enhancement came out of case 413-222-064, where the LBN shows that SELinux must be disabled:
http://www.symantec.com/business/support/index?pag...
However, this would be a useful security enhancement to be able to use it.
Suggestion added to this is to either modify the owner.vfd script to only look at the columns regarding UID and GID, or change the reported result in the VOM interface so it clearly states why the test fails: different contexts.
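The comparison suggested in the comment above, as an added example that is not Symantec's owner.vfd or getid code: it assumes the check works on `id`-style output, where an SELinux-enabled system appends a `context=` field, and it compares only uid, gid and groups while reporting a context difference separately. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare a user's identity on two nodes by uid, gid and
# groups only, and report an SELinux context difference separately.
# Assumption: both inputs are `id`-style lines without spaces in names.

# Constructed sample lines, not captured from the systems in this thread.
LOCAL_ID='uid=500(oracle) gid=501(oinstall) groups=502(dba),501(oinstall) context=user_u:system_r:unconfined_t'
REMOTE_ID='uid=500(oracle) gid=501(oinstall) groups=501(oinstall),502(dba) context=root:system_r:unconfined_t'

# id_field NAME LINE: print the value of the NAME=... field, if present.
id_field() {
    printf '%s\n' "$2" | tr ' ' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# normalize_id LINE: keep uid, gid and the sorted group list; drop context.
normalize_id() {
    n_groups=$(id_field groups "$1" | tr ',' '\n' | sort | paste -sd, -)
    printf 'uid=%s gid=%s groups=%s\n' \
        "$(id_field uid "$1")" "$(id_field gid "$1")" "$n_groups"
}

# compare_ids LINE_A LINE_B: return 0 when uid/gid/groups match, 1 otherwise.
compare_ids() {
    if [ "$(normalize_id "$1")" != "$(normalize_id "$2")" ]; then
        echo "FAIL: uid, gid or groups differ"
        return 1
    fi
    if [ "$(id_field context "$1")" != "$(id_field context "$2")" ]; then
        echo "OK: uid, gid and groups match; only the SELinux context differs"
    else
        echo "OK: identical"
    fi
}

compare_ids "$LOCAL_ID" "$REMOTE_ID"
```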
Please can you specify which product (SFCFS? SF/HA?) you are using? As noted in the LBN, we do not support SFCFS for Oracle, SF Oracle, SFCFS-RAC and SF DB2 with SE Linux enabled. Do you observe the above issue when using any of the products that we support with SELinux enabled?
This is SF HA 5.0 MP3 on Red Hat 5.
rpm -qa shows:
VRTSvcs-5.0.30.00-MP3_RHEL5
VRTSvxfs-common-5.0.30.00-MP3_RHEL5
VRTSvxvm-common-5.0.30.00-MP3_RHEL5
Thanks for the valuable suggestion - we have factored this into the roadmap for the next VCS release and will also explore back-porting the fix to earlier releases.