[Pacemaker] [RFC] working selinux policy module for pacemaker
Andrew Beekhof
andrew at beekhof.net
Fri Jan 4 05:56:29 EST 2013
On Fri, Jan 4, 2013 at 4:27 PM, Vladislav Bogdanov <bubble at hoster-ok.com> wrote:
> 04.01.2013 06:07, Andrew Beekhof wrote:
>> On Wed, Dec 19, 2012 at 7:33 PM, Vladislav Bogdanov
>> <bubble at hoster-ok.com> wrote:
>>> Hi all,
>>>
>>> I'd like to share my successful attempt to confine pacemaker.
>>>
>>> I took pacemaker module barebone found in latest fedora's selinux-policy (3.11.1-64.fc18) and
>>> extended it a bit, so now I have pacemaker and some pacemaker-managed services
>>> running confined.
>>
>> Sweet. I've passed your amendments on to Milos who is looking after
>> https://bugzilla.redhat.com/show_bug.cgi?id=801493
>
> I've extended it a bit more to run stonithd in fenced_t domain, so now
> everything I can imagine runs fine (verified on two clusters, including
> one with libvirt/qemu virtualization).
Nice work :)
> Where is the best place to follow up with that?
Probably the redhat bug.
More information about the Pacemaker
mailing list