On 9/26/14, 4:25 AM, "Daniel P. Berrange" <berrange@xxxxxxxxxx> wrote:

> On Thu, Sep 25, 2014 at 09:03:57PM +0000, Gary Hook wrote:
>> I have successfully (I believe) built (rebuilt on Ubuntu 14.04),
>> installed, and used libvirt 1.2.2. Behaviorally I can't tell the
>> difference between what I've built and what Ubuntu distributes.
>>
>> Specifically, "virsh capabilities" shows this:
>>
>>     <secmodel>
>>       <model>apparmor</model>
>>       <doi>0</doi>
>>     </secmodel>
>>     <secmodel>
>>       <model>dac</model>
>>       <doi>0</doi>
>>       <baselabel type='kvm'>+112:+113</baselabel>
>>       <baselabel type='qemu'>+112:+113</baselabel>
>>     </secmodel>
>>
>> Which seems reasonable as well as expected.
>>
>> I build 1.2.8 using the same commands, install the generated packages,
>> recycle, and virsh reports this:
>>
>>     <secmodel>
>>       <model>none</model>
>>       <doi>0</doi>
>>     </secmodel>
>>     <secmodel>
>>       <model>dac</model>
>>       <doi>0</doi>
>>       <baselabel type='kvm'>+112:+113</baselabel>
>>       <baselabel type='qemu'>+112:+113</baselabel>
>>     </secmodel>
>>
>> The app armor security model is missing, but it's unclear why that
>> might be. The app armor library is linked in and used (according to
>> ldd), and nothing else on the system changes. I can install / de-install
>> the two versions and repeatedly demonstrate this change.
>>
>> Any suggestions on what I should be looking for? Nothing comes up via a
>> web search.
>>
>> Again: no special options on the configure, and the same technique is
>> used to build both versions. I'm looking for any pointers before I start
>> digging into the code.
>
> Try running libvirtd with
>
>   LIBVIRT_LOG_FILTERS="1:qemu 1:security" LIBVIRT_LOG_OUTPUTS="1:stderr" /usr/sbin/libvirtd
>
> as it starts up you ought to see some messages about it trying to
> initialize the security drivers. If you're lucky one might tell you why
> apparmor was missing, if you compare the log messages from both builds.

Thanks so much for the pointer. This bit of info wasn't showing up in the usual debugging log that I was slogging through:

    2014-09-26 16:21:24.218+0000: 28472: info : libvirt version: 1.2.8
    2014-09-26 16:21:24.218+0000: 28472: error : virStoragePoolDefParseNode:981 : XML error: unexpected root element <disk>, expecting <pool>
    2014-09-26 16:21:24.330+0000: 28472: debug : virSecurityDriverLookup:60 : name=<null>
    2014-09-26 16:21:24.330+0000: 28472: error : AppArmorSecurityManagerProbe:372 : internal error: template '/etc/apparmor.d/libvirt/TEMPLATE.qemu' does not exist
    2014-09-26 16:21:24.330+0000: 28472: debug : virSecurityDriverLookup:76 : Not enabled name=apparmor
    2014-09-26 16:21:24.330+0000: 28472: debug : virSecurityDriverLookup:71 : Probed name=none

(Stream of thought...)

Missing TEMPLATE.qemu. Where did that come from? Turns out I have to learn to look through the entire source distro, instead of seeing a summary README or exhaustive CHANGES file. What I need is in the examples directory. Good enough.

Then, more searching and I find this:

https://www.mail-archive.com/libvir-list%40redhat.com/msg102645.html

I would have chosen to implement this type of change in 1.3, but that's just me. I also would not have changed the default behavior, but rather built upon it. Again, that's just me.

Your guidance and expertise are appreciated. Thank you.
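
The log comparison suggested in the thread above, as an added example that is not part of the original messages: a shell function that reduces a libvirtd debug log to one line per security driver probe, paired with the error that disabled it. The function names `secdriver_probe_summary` and `sample_log` are hypothetical, and the sample input is the set of log lines quoted in the message.

```shell
#!/bin/sh
# Summarise security driver probing from a libvirtd log read on stdin.
# Output: <driver> TAB <probed|not-enabled> TAB <error that preceded it, or ->
secdriver_probe_summary() {
    awk -F' : ' '
        # Message text is everything after "<function>:<line> : ".
        { msg = substr($0, index($0, $2) + length($2) + 3) }

        # Remember the most recent error; a probe function logs its
        # reason just before virSecurityDriverLookup reports the result.
        $1 ~ /error$/ { last_err = msg; next }

        $2 ~ /^virSecurityDriverLookup:/ {
            if (msg ~ /^Not enabled name=/) {
                sub(/^Not enabled name=/, "", msg)
                printf "%s\tnot-enabled\t%s\n", msg, (last_err == "" ? "-" : last_err)
            } else if (msg ~ /^Probed name=/) {
                sub(/^Probed name=/, "", msg)
                printf "%s\tprobed\t-\n", msg
            }
            # Any lookup line (including the initial name=<null>) clears
            # errors left over from unrelated subsystems.
            last_err = ""
        }
    '
}

# Sample input: the log lines quoted in the message above.
sample_log() {
    cat <<'EOF'
2014-09-26 16:21:24.218+0000: 28472: info : libvirt version: 1.2.8
2014-09-26 16:21:24.218+0000: 28472: error : virStoragePoolDefParseNode:981 : XML error: unexpected root element <disk>, expecting <pool>
2014-09-26 16:21:24.330+0000: 28472: debug : virSecurityDriverLookup:60 : name=<null>
2014-09-26 16:21:24.330+0000: 28472: error : AppArmorSecurityManagerProbe:372 : internal error: template '/etc/apparmor.d/libvirt/TEMPLATE.qemu' does not exist
2014-09-26 16:21:24.330+0000: 28472: debug : virSecurityDriverLookup:76 : Not enabled name=apparmor
2014-09-26 16:21:24.330+0000: 28472: debug : virSecurityDriverLookup:71 : Probed name=none
EOF
}

sample_log | secdriver_probe_summary
```

Running the same function over the stderr output of each build gives two short summaries that can be compared with `diff`, which makes a silent fallback from `apparmor` to `none` stand out.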