On 05/26/2013 08:56 PM, yue wrote: [please don't top-post on technical lists] > hi. > my environment: centos 6.3, qemu 1.5(source code build), libvirt libvirt-0.10.2-18.el6_4.2.x86_64.selinux enforce . It's best to use the entire stack from your distro, or to self-build the entire stack. Mixing newer qemu with older libvirt might have unexpected consequences, and since you are using CentOS, you have no one to blame but yourself. We are unable to help you here unless you can reproduce the problem with the latest libvirt. > i have 2 questions > 1.snapshot. permisson deny. > dumpxml: > <seclabel type='dynamic' model='selinux' relabel='yes'> > <label>system_u:system_r:svirt_t:s0:c33,c172</label> > <imagelabel>system_u:object_r:svirt_image_t:s0:c33,c172</imagelabel> > </seclabel> > command line: > [root@ovirtdev images]# ls -lZ > -rw-r--r--. qemu qemu system_u:object_r:virt_image_t:s0 test.qcow2 > image does not have the same MLS? > it does not seem like a selinux problem, because selinix does not record this deny. There have been bug fixes in upstream libvirt related to permissions on snapshot creation, although it's hard to say whether all of those have been backported into the downstream version of libvirt that you are using. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list