[libvirt] problems with <seclabel> when restarting libvirtd

[Daniel P. Berrange]

On Tue, Jul 05, 2011 at 12:34:38AM -0400, Laine Stump wrote:
> I had libvirtd build from 0.9.2+something running on my test
> machine. There was a single guest running on it.
> 
> I grabbed the latest libvirt from git (0.9.3+??), built an rpm, and
> installed it. My guest reconnected with no problems, but I was
> unable to start new guests due to an selinux problem with the
> labeling of the image file. Interestingly, I found that I could
> shutdown and restart the one guest that had been running at the time
> of the upgrade. *Until* I restarted libvirtd again while the guest
> was stopped. After this point, I could no longer start that guest
> either.
> 
> I then set selinux to permissive mode and was able to start my
> original guest. Then I restarted libvirtd and found that, although
> the qemu-kvm process was still running, libvirtd couldn't reconnect
> to the guest. When I looked at the logs, I saw this:
> 
> error: virSecurityLabelDefParseXML:5073 : unsupported configuration:
> dynamic label type must use resource relabeling
> 
> In the domain state file, I see this:
> 
> | <seclabel type='dynamic' model='selinux' relabel='no'>
> | <label>system_u:system_r:svirt_t:s-:c419,c955</label>
> | </seclabel>
> 
> The data in the state file was written by the same version of
> libvirtd that wrote it. So why did it write something it knows it
> doesn't support?

It is a default value initialization mistake

http://www.redhat.com/archives/libvir-list/2011-July/msg00166.html


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|