A RHEL 6 High Availability cluster node using the fence_scsi watchdog script reboots repeatedly as soon as watchdog starts when SELinux is enforcing
Issue
- When watchdog and
SELinuxare enabled, thefence_scsiwatchdog script fails and the node goes into a reboot loop.
Oct 25 14:59:41 node1 watchdog[9989]: test binary /etc/watchdog.d/fence_scsi_check.pl returned 13
Oct 25 14:59:41 node1 watchdog[10297]: shutting down the system because of error 13
- The
fence_scsi_check.plscript triggers SELinux warnings / denials
Oct 25 14:59:46 node1 setroubleshoot: SELinux is preventing /usr/sbin/watchdog from execute access on the file /etc/watchdog.d/fence_scsi_check.pl. For complete SELinux messages. run sealert -l e6603a76-3bc0-413a-ad6b-d7467736fdf4
Oct 25 14:59:46 node1 setroubleshoot: SELinux is preventing /usr/sbin/watchdog from execute access on the file /etc/watchdog.d/fence_scsi_check.pl. For complete SELinux messages. run sealert -l e6603a76-3bc0-413a-ad6b-d7467736fdf4
Oct 25 14:59:47 node1 setroubleshoot: SELinux is preventing /usr/sbin/sendmail.postfix from read access on the file /var/log/watchdog/repair-bin.stderr. For complete SELinux messages. run sealert -l bba7669f-446c-40de-a104-9c80d21f334b
fence_scsi_check_hardreboot.pldoesn't work with SELinux in enforcing mode
Environment
- Red Hat Enterprise Linux (RHEL) 6 with the High Availability Add-On
- SELinux in enforcing mode
- Either
fence_scsi_check.plorfence_scsi_check_hardreboot.plis enabled by having it linked/copied to/etc/watchdog.d, and thewatchdogdaemon is enabled
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
