I recorded theese entries in the journal of the ovirt-engine installation:
Mar 30 03:48:45 ovirt-engine.ovirt setroubleshoot[73252]: SELinux is preventing /usr/bin/ovs-appctl from write access on the sock_file ovnnb_db.ctl. For complete SELinux messages run: sealert -l 3751a978-740c-468d-95fe-ee7fe083309a
Mar 30 03:48:45 ovirt-engine.ovirt setroubleshoot[73252]: SELinux is preventing /usr/bin/ovs-appctl from write access on the sock_file ovnnb_db.ctl.
***** Plugin catchall (100. confidence) suggests **************************
If you believe that ovs-appctl should be allowed write access on the ovnnb_db.ctl sock_file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'ovs-appctl' --raw | audit2allow -M my-ovsappctl
# semodule -X 300 -i my-ovsappctl.pp
Mar 30 03:48:45 ovirt-engine.ovirt setroubleshoot[73252]: AnalyzeThread.run(): Set alarm timeout to 10
Mar 30 03:48:47 ovirt-engine.ovirt setroubleshoot[73252]: AnalyzeThread.run(): Cancel pending alarm
I "resolved" following the instructions reported.
I include the rule files generated for your convenience:
selinux.tar.gz
I recorded theese entries in the journal of the ovirt-engine installation: Mar 30 03:48:45 ovirt-engine.ovirt setroubleshoot[73252]: SELinux is preventing /usr/bin/ovs-appctl from write access on the sock_file ovnnb_db.ctl. For complete SELinux messages run: sealert -l 3751a978-740c-468d-95fe-ee7fe083309a Mar 30 03:48:45 ovirt-engine.ovirt setroubleshoot[73252]: SELinux is preventing /usr/bin/ovs-appctl from write access on the sock_file ovnnb_db.ctl.
Mar 30 03:48:45 ovirt-engine.ovirt setroubleshoot[73252]: AnalyzeThread.run(): Set alarm timeout to 10 Mar 30 03:48:47 ovirt-engine.ovirt setroubleshoot[73252]: AnalyzeThread.run(): Cancel pending alarm
I "resolved" following the instructions reported. I include the rule files generated for your convenience: selinux.tar.gz