Re: Unable to find security driver for label selinux

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 29.08.2014 04:03, Qiang Guan wrote:

Hi experts,

I want to have a test on security driver for libvirt lxc on my debian
system.
What I do is as the following steps:
1) download the source code from git://libvirt.org/libvirt.git
2) compile and install with the source code as following:
./autogen.sh --system
  ./configure --with-selinux=yes --with-secdriver-selinux=yes
make -j8 & make install

root@debian:~/github/libvirt.git/tools# ./virsh --version=long
Virsh command line tool of libvirt 1.2.8
See web site at http://libvirt.org/
Compiled with support for:
  Hypervisors: QEMU/KVM LXC UML OpenVZ VMWare VirtualBox Test
  Networking: Remote Network Bridging Interface udev Nwfilter VirtualPort
  Storage: Dir Filesystem SCSI Multipath LVM
  Miscellaneous: Daemon Nodedev SELinux Secrets Debug Modular

3) then I define a lxc vm with the seclabel :
root@debian:~/images# vir dumpxml lxc
<domain type='lxc'>
   <name>lxc</name>
   <uuid>b1b787a1-d20e-48bd-938b-16ba61d22405</uuid>
   <memory unit='KiB'>419404</memory>
   <currentMemory unit='KiB'>419404</currentMemory>
   <vcpu placement='static'>1</vcpu>
   <resource>
     <partition>/machine</partition>
   </resource>
   <os>
     <type arch='x86_64'>exe</type>
     <init>/sbin/init</init>
     <cmdline>console=tty0 console=ttyS0</cmdline>
   </os>
   <clock offset='utc'/>
   <on_poweroff>destroy</on_poweroff>
   <on_reboot>restart</on_reboot>
   <on_crash>destroy</on_crash>
   <devices>
     <emulator>/usr/local/libexec/libvirt_lxc</emulator>
     <filesystem type='mount' accessmode='passthrough'>
       <source dir='/tmp/rootfs'/>
       <target dir='/'/>
     </filesystem>
     <console type='pty'>
       <target type='lxc' port='0'/>
     </console>
   </devices>
   <seclabel type='dynamic' relabel='yes'/>
</domain

4) When I start the vm, It output an error:
root@debian:~/images# vir start lxc
error: Failed to start domain lxc
error: unsupported configuration: Unable to find security driver for
label selinux

What's the problem?
While you probably have selinux libraries installed, you're not running selinux enabled kernel. That's why selinux driver is disabled and the domain won't start. 

Michal

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux