On Fri, Mar 9, 2012 at 3:11 PM, Laine Stump <laine@xxxxxxxxx> wrote:
> On 03/09/2012 09:16 AM, Jiri Denemark wrote:
>> Hi.
>>
>> On Fri, Mar 09, 2012 at 11:32:47 +0000, Stefan Hajnoczi wrote:
>> ...
>>> static __inline__ int platform_test_xfs_fd(int fd)
>>> {
>>> struct statfs buf;
>>> if (fstatfs(fd, &buf) < 0)
>>> return 0;
>>> return (buf.f_type == 0x58465342); /* XFSB */
>>> }
>>>
>>> In other words, XFS detection will fail when SELinux is enabled.
>>>
>>> I'm not familiar with libvirt's use of SELinux. Can someone explain
>>> if we need to expand the policy in libvirt and how to do that?
>> Actually, there is no SELinux policy in libvirt. Libvirt merely uses an
>> appropriate security context when running qemu processes. The rules what such
>> processes can do and what they are forbidden to do are described in SELinux
>> policy which is provided as a separate package (or packages on some distros).
>> So it's this policy (selinux-policy package on Fedora based distros) which
>> would need to be expanded. Thus it should be negotiated with SELinux policy
>> maintainers if they are willing to allow svirt_t domain calling fstatfs.
>
> (Also, since the problem occurs on NFS, this may need to be somehow
> related to virt_use_nfs being turned on.)
No, this XFS situation is independent of NFS. It's another codepath
in QEMU where fstatfs(2) is called, I found it this morning.
Stefan
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list