On 01/14/2014 10:32 AM, Michal Privoznik wrote: > On 13.01.2014 19:27, Ivan Gooten wrote: >> On 01/13/2014 04:50 PM, Michal Privoznik wrote: >>> On 13.01.2014 16:10, Ivan Gooten wrote: >>>> hi, >>>> >>>> recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even >>>> if selinux sec driver is enabled on the configure stage, the driver is >>>> not finally created. these configure parameters are: >>>> >>>> --with-selinux >>>> --with-secdriver-selinux >>>> --with-selinux-mount=/sys/fs/selinux >>>> >>>> the /sys/fs/selinux is valid, selinux is running in permissive mode, got >>>> also libselinux DEV package installed, so no missing req. headers here. >>>> >>>> when trying to run libvirtd, i'm getting: >>>> >>>> error : virSecurityDriverLookup:78 : unsupported configuration: Security >>>> driver selinux not enabled >>>> error : lxcSecurityInit:1461 : Failed to initialise security drivers >>>> error : virStateInitialize:854 : Initialisation of LXC state driver >>>> failed: unsupported configuration: Security driver selinux not enabled >>>> error : daemonRunStateInit:909 : Driver state initialisation failed >>>> >>>> someone got any clue what may be causing this? >>>> >>>> thanks, >>>> ivan gooten >>>> >>> Are you sure selinux is enabled? Not enforcing, just enabled. >>> >>> Michal >>> >> hi, >> >> thank Michal and Daniel for your answers. >> >> so here i provide the configure summary: >> http://pastebin.com/un0UnFCP > Have your configure found HAVE_SELINUX_LXC_CONTEXTS_PATH? > > grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h > > Moreover, does /etc/selinux/targeted/contexts/lxc_contexts exist on your > system (the path may however change - I took it from my RHEL machine)? > > Michal hi, $ grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h #define HAVE_SELINUX_LXC_CONTEXTS_PATH 1 unfortunately there is no "lxc_contexts" file, but i've grepped /etc/selinux for lxc's, mayby that will be helpfull: $ grep -iR lxc . Binary file ./default/policy/policy.29 matches ./default/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/modules/active/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 ./default/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 Binary file ./default/modules/active/policy.kern matches ./default/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/contexts/files/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 Binary file ./default/contexts/files/file_contexts.bin matches Binary file ./mls/policy/policy.29 matches Binary file ./mls/modules/active/modules/courier.pp matches Binary file ./mls/modules/active/modules/nut.pp matches Binary file ./mls/modules/active/modules/init.pp matches ./mls/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/modules/active/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 ./mls/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 Binary file ./mls/modules/active/policy.kern matches ./mls/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/contexts/files/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 Binary file ./mls/contexts/files/file_contexts.bin matches ivan _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
