problems with <seclabel> when restarting libvirtd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



I had libvirtd build from 0.9.2+something running on my test machine. There was a single guest running on it.

I grabbed the latest libvirt from git (0.9.3+??), built an rpm, and installed it. My guest reconnected with no problems, but I was unable to start new guests due to an selinux problem with the labeling of the image file. Interestingly, I found that I could shutdown and restart the one guest that had been running at the time of the upgrade. *Until* I restarted libvirtd again while the guest was stopped. After this point, I could no longer start that guest either.

I then set selinux to permissive mode and was able to start my original guest. Then I restarted libvirtd and found that, although the qemu-kvm process was still running, libvirtd couldn't reconnect to the guest. When I looked at the logs, I saw this:

error: virSecurityLabelDefParseXML:5073 : unsupported configuration: dynamic label type must use resource relabeling

In the domain state file, I see this:

| <seclabel type='dynamic' model='selinux' relabel='no'>
| <label>system_u:system_r:svirt_t:s-:c419,c955</label>
| </seclabel>

The data in the state file was written by the same version of libvirtd that wrote it. So why did it write something it knows it doesn't support?

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]