[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] unable to set security context (NFSv4 problem?)



Harald Dunkel wrote:
Hi folks,

Since I have moved the image file of a domain to an NFS
partition I get an error message at start time:

# virsh start mydomain
error: Failed to start domain mydomain
error: unable to set security context '110:140' on '/storage/mydomain/vda.img': Invalid argument

What is security_driver set to in /etc/libvirt/qemu.conf?

It appears to be the security driver trying to update the security context stored on the filesystem as an extended attribute. The NFS v4 filesystem currently lacks extended attribute support. Without extended attributes there isn't a place to store the security context associated with the image file, hence the error.

I've CC'd James Morris who, in addition to working on the original libvirt security driver implementation, happens to be spearheading the NFS xattr support. Hopefully he can provide some more information.


The /storage partition is mounted with these options:

# cat /proc/mounts  | grep /storage
nasl002:/storage/ /storage nfs4 rw,relatime,vers=4,rsize=1048576,wsize=1048576,namlen=255,hard,proto=tcp,port=0,timeo=600,retrans=2,sec=sys,clientaddr=172.19.96.31,addr=172.19.96.213 0 0

If I use a local disk instead, then there is no such
problem.

The fact that it works on local disk is likely attributable to the local filesystem supporting extended attributes. Examples of these filesystems include ext2/3/4 and xfs.


libvirt is version 0.7.7-4, as included with Debian.
Any helpful comment would be highly appreciated.

Out of curiosity, are you using the SELinux support in Debian?

--Spencer


Regards

Harri



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]