Re: Missing security model in 1.2.8?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, Sep 25, 2014 at 09:03:57PM +0000, Gary Hook wrote:
> I have successfully (I believe) built (rebuilt on Ubuntu 14.04), installed, and used libvirt 1.2.2. Behaviorally I can't tell the difference between what I've built and what Ubuntu distributes.
> 
> Specifically, "virsh capabilities" shows this:
> 
> 
>     <secmodel>
> 
>       <model>apparmor</model>
> 
>       <doi>0</doi>
> 
>     </secmodel>
> 
>     <secmodel>
> 
>       <model>dac</model>
> 
>       <doi>0</doi>
> 
>       <baselabel type='kvm'>+112:+113</baselabel>
> 
>       <baselabel type='qemu'>+112:+113</baselabel>
> 
>     </secmodel>
> 
> Which seems reasonable as well as expected.
> 
> I build 1.2.8 using the same commands, install the generated packages, recycle, and virsh reports this:
> 
> 
>     <secmodel>
> 
>       <model>none</model>
> 
>       <doi>0</doi>
> 
>     </secmodel>
> 
>     <secmodel>
> 
>       <model>dac</model>
> 
>       <doi>0</doi>
> 
>       <baselabel type='kvm'>+112:+113</baselabel>
> 
>       <baselabel type='qemu'>+112:+113</baselabel>
> 
>     </secmodel>
> 
> The app armor security model is missing, but It's unclear why that might be. The app armor library is linked in and used (according to ldd), and nothing else on the system changes. I can install / de-install the two versions and repeatedly demonstrate this change.
> 
> Any suggestions on what I should be looking for? Nothing comes up via a web search.
> 
> Again: no special options on the configure, and the same technique is used to build both versions. I'm looking for any pointers before I start digging into the code.

Try running libvirtd with

 LIBVIRT_LOG_FILTERS="1:qemu 1:security" LIBVIRT_LOG_OUTPUTS="1:stderr" /usr/sbin/libvirtd

as it starts up you ought to see some messages about it trying to initialize
the security drivers. If you're lucky one might tell you why apparmour was
missing, if you compare the log messages from both builds.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
[Index of Archives]     [Virt Tools]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [KDE Users]

  Powered by Linux