
Re: [libvirt] [PATCH 0/8] Honour current process label when generating SELinux labels



On 08/10/2012 03:47 PM, Daniel P. Berrange wrote:
> This patch series makes a number of changes to the SELinux label
> generation code. This is intended to make it fully honour the
> current process label when generating VM labels, so that dynamic
> label generation works better with custom policies, or confined
> user accounts.
>
> --
> libvir-list mailing list
> libvir-list redhat com
> https://www.redhat.com/mailman/listinfo/libvir-list


Unfortunately I am not SELinux-savvy enough to understand exactly why, but I cannot start guests any more after pulling master.

The issue is that the virtual disk's security context (a block device in this case) cannot be set, message shown below.

012-08-16 15:02:18.891+0000: 1536: error : virSecuritySELinuxSetFileconHelper:652 : unable to set security context 'system_u:system_r:svirt_image_t:s0:c786,c986' on '/dev/disk/by-path/ccw-0.0.3770-part1': Invalid argument

Prior to that, the security context would have looked like this:
system_u:object_r:svirt_image_t:s0:c153,c923, i.e. using object_r instead of system_r.

I am running on RHEL 6.2, not sure whether this is relevant.

--

Kind Regards
   Viktor Mihajlovski

IBM Deutschland Research & Development GmbH
Chairman of the Supervisory Board: Martin Jetter
Management: Dirk Wittkopp
Registered office: Böblingen
Court of registration: Amtsgericht Stuttgart, HRB 243294
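
A triage helper for the failure reported above, added here as an example (not code from libvirt or from the post): it extracts the context and path from `virSecuritySELinuxSetFileconHelper` errors and flags file labels whose role is not `object_r`, the difference the message points out. Treating `object_r` as the expected role for file labels is the assumption behind the check; the function names and the second log line are constructed.

```python
import re
from typing import NamedTuple, Optional

# Error format as quoted in the message above.
SETFILECON_ERR = re.compile(
    r"unable to set security context '(?P<ctx>[^']+)' on '(?P<path>[^']+)'"
    r"(?:: (?P<reason>.+))?$")

class Context(NamedTuple):
    user: str
    role: str
    type: str
    level: str  # MLS/MCS part, e.g. "s0:c786,c986"; empty if absent

def parse_context(ctx: str) -> Context:
    # Only the first three colons separate fields; the level keeps its own.
    parts = ctx.split(":", 3)
    if len(parts) < 3 or not all(parts[:3]):
        raise ValueError(f"not a SELinux context: {ctx!r}")
    return Context(parts[0], parts[1], parts[2], parts[3] if len(parts) == 4 else "")

def parse_error(line: str) -> Optional[dict]:
    m = SETFILECON_ERR.search(line.strip())
    if m is None:
        return None
    return {"path": m["path"], "reason": m["reason"], "context": parse_context(m["ctx"])}

def suspect_file_labels(lines):
    """Return failed relabels whose file context role is not object_r (assumed convention)."""
    hits = []
    for line in lines:
        err = parse_error(line)
        if err and err["context"].role != "object_r":
            hits.append(err)
    return hits

SAMPLE_LOG = [
    # Line from the message above, reproduced as posted.
    "012-08-16 15:02:18.891+0000: 1536: error : virSecuritySELinuxSetFileconHelper:652 : "
    "unable to set security context 'system_u:system_r:svirt_image_t:s0:c786,c986' "
    "on '/dev/disk/by-path/ccw-0.0.3770-part1': Invalid argument",
    # Constructed line that must not match.
    "2012-08-16 15:02:19.000+0000: 1536: info : constructed unrelated message",
]

if __name__ == "__main__":
    for hit in suspect_file_labels(SAMPLE_LOG):
        c = hit["context"]
        print(f"{hit['path']}: role={c.role} type={c.type} level={c.level} ({hit['reason']})")
```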

