[libvirt] problems with <seclabel> when restarting libvirtd
Daniel P. Berrange
berrange at redhat.com
Tue Jul 5 09:52:50 UTC 2011
On Tue, Jul 05, 2011 at 12:34:38AM -0400, Laine Stump wrote:
> I had libvirtd build from 0.9.2+something running on my test
> machine. There was a single guest running on it.
>
> I grabbed the latest libvirt from git (0.9.3+??), built an rpm, and
> installed it. My guest reconnected with no problems, but I was
> unable to start new guests due to an selinux problem with the
> labeling of the image file. Interestingly, I found that I could
> shutdown and restart the one guest that had been running at the time
> of the upgrade. *Until* I restarted libvirtd again while the guest
> was stopped. After this point, I could no longer start that guest
> either.
>
> I then set selinux to permissive mode and was able to start my
> original guest. Then I restarted libvirtd and found that, although
> the qemu-kvm process was still running, libvirtd couldn't reconnect
> to the guest. When I looked at the logs, I saw this:
>
> error: virSecurityLabelDefParseXML:5073 : unsupported configuration:
> dynamic label type must use resource relabeling
>
> In the domain state file, I see this:
>
> | <seclabel type='dynamic' model='selinux' relabel='no'>
> | <label>system_u:system_r:svirt_t:s-:c419,c955</label>
> | </seclabel>
>
> The data in the state file was written by the same version of
> libvirtd that wrote it. So why did it write something it knows it
> doesn't support?
It is a default value initialization mistake
http://www.redhat.com/archives/libvir-list/2011-July/msg00166.html
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list