A RHEL 6 High Availability cluster node using the fence_scsi watchdog script reboots repeatedly as soon as watchdog starts when SELinux is enforcing

Solution Unverified - Updated -

Issue

  • When watchdog and SELinux are enabled, the fence_scsi watchdog script fails and the node goes into a reboot loop.
Oct 25 14:59:41 node1 watchdog[9989]: test binary /etc/watchdog.d/fence_scsi_check.pl returned 13
Oct 25 14:59:41 node1 watchdog[10297]: shutting down the system because of error 13
  • The fence_scsi_check.pl script triggers SELinux warnings / denials
Oct 25 14:59:46 node1 setroubleshoot: SELinux is preventing /usr/sbin/watchdog from execute access on the file /etc/watchdog.d/fence_scsi_check.pl. For complete SELinux messages. run sealert -l e6603a76-3bc0-413a-ad6b-d7467736fdf4
Oct 25 14:59:46 node1 setroubleshoot: SELinux is preventing /usr/sbin/watchdog from execute access on the file /etc/watchdog.d/fence_scsi_check.pl. For complete SELinux messages. run sealert -l e6603a76-3bc0-413a-ad6b-d7467736fdf4
Oct 25 14:59:47 node1 setroubleshoot: SELinux is preventing /usr/sbin/sendmail.postfix from read access on the file /var/log/watchdog/repair-bin.stderr. For complete SELinux messages. run sealert -l bba7669f-446c-40de-a104-9c80d21f334b
  • fence_scsi_check_hardreboot.pl doesn't work with SELinux in enforcing mode

Environment

  • Red Hat Enterprise Linux (RHEL) 6 with the High Availability Add-On
  • SELinux in enforcing mode
  • Either fence_scsi_check.pl or fence_scsi_check_hardreboot.pl is enabled by having it linked/copied to /etc/watchdog.d, and the watchdog daemon is enabled

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content