[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] problems with <seclabel> when restarting libvirtd



I had libvirtd build from 0.9.2+something running on my test machine. There was a single guest running on it.

I grabbed the latest libvirt from git (0.9.3+??), built an rpm, and installed it. My guest reconnected with no problems, but I was unable to start new guests due to an selinux problem with the labeling of the image file. Interestingly, I found that I could shutdown and restart the one guest that had been running at the time of the upgrade. *Until* I restarted libvirtd again while the guest was stopped. After this point, I could no longer start that guest either.

I then set selinux to permissive mode and was able to start my original guest. Then I restarted libvirtd and found that, although the qemu-kvm process was still running, libvirtd couldn't reconnect to the guest. When I looked at the logs, I saw this:

error: virSecurityLabelDefParseXML:5073 : unsupported configuration: dynamic label type must use resource relabeling

In the domain state file, I see this:

| <seclabel type='dynamic' model='selinux' relabel='no'>
| <label>system_u:system_r:svirt_t:s-:c419,c955</label>
| </seclabel>

The data in the state file was written by the same version of libvirtd that wrote it. So why did it write something it knows it doesn't support?


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]