avc errors when trying to use fence_vmware_soap

Solution Unverified - Updated 6 Aug 2024

Environment

Red Hat Enterprise Linux Server 6 (with the High Availability Add on)

Issue

avc errors when trying to use fence_vmware_soap

Jun 18 01:28:36 node1 fenced[1586]: fence node2 failed
Jun 18 01:28:55 node1 kernel: type=1400 audit(1339997335.967:55773): avc:  denied  { read } for  pid=30034 comm="fence_vmware_so" name="suds" dev=dm-1 ino=8193 scontext=system_u:system_r:fenced_t:s0 tcontext=unconfined_u:object_r:user_tmp_t:s0 tclass=dir

Resolution

The following errata resolves this issue: RHBA-2013-0314.
A workaround would be to do the following:

Change selinux policy to non-enforcing mode
Issue a fence_ack_manual to cause recovery to complete

Root Cause

There are avc errors occurring on fence_vmware_soap when the binary attempts to fence a cluster node.

Diagnostic Steps

Search the messages logs for avc denial errors in the file /var/log/messages when a cluster node is fenced. The messages will look similar to the messages described in the Issue section of this article.

SBR

Clusterha

Product(s)

Red Hat Enterprise Linux

Components

cluster

Category

Troubleshoot

Tags

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.