[libvirt] unable to set security context (NFSv4 problem?)
Spencer Shimko
sshimko at tresys.com
Thu Apr 15 20:06:56 UTC 2010
Harald Dunkel wrote:
> Hi folks,
>
> Since I have moved the image file of a domain to an NFS
> partition I get an error message at start time:
>
> # virsh start mydomain
> error: Failed to start domain mydomain
> error: unable to set security context '110:140' on '/storage/mydomain/vda.img': Invalid argument
What is security_driver set to in /etc/libvirt/qemu.conf?
It appears to be the security driver trying to update the security
context stored on the filesystem as an extended attribute. The NFS v4
filesystem currently lacks extended attribute support. Without extended
attributes there isn't a place to store the security context associated
with the image file, hence the error.
I've CC'd James Morris who, in addition to working on the original
libvirt security driver implementation, happens to be spearheading the
NFS xattr support. Hopefully he can provide some more information.
>
> The /storage partition is mounted with these options:
>
> # cat /proc/mounts | grep /storage
> nasl002:/storage/ /storage nfs4 rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=172.19.96.31,addr=172.19.96.213 0 0
>
> If I use a local disk instead, then there is no such
> problem.
The fact that it works on local disk is likely attributable to the local
filesystem supporting extended attributes. Examples of these
filesystems include ext2/3/4 and xfs.
>
> libvirt is version 0.7.7-4, as included with Debian.
> Any helpful comment would be highly appreciated.
Out of curiosity, are you using the SELinux support in Debian?
--Spencer
>
>
> Regards
>
> Harri
>
More information about the libvir-list
mailing list