[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Release of libvirt-0.10.0



It's not anything special; domain without any <seclabel>:

   http://pastebin.com/jzkAkubi

and of course, the default config in qemu.conf. That is all .*security.*
knobs commented out. And I don't build with selinux on my system (don't
even have selinux headers).

[explicitly CC'ing Peter who took a deeper look and might provide more info]

On 29.08.2012 23:02, Marcelo Cerri wrote:
> Can you send me foo's XML? I can't reproduce this error and I'd like to
> check it.
> 
> There's a good chance that the last two Peter's patches fix that:
> 
> commit eb8e9b6027512edf2c93343f430e7e6429af0ff5
> Author: Peter Krempa <pkrempa redhat com>
> Date:   Wed Aug 29 14:19:39 2012 +0200
> 
>     qemu: Refactor initialisation of security drivers.
> 
>     The security driver loading code in qemu has a flaw that causes it to
>     register the DAC security driver twice. This causes problems (machines
>     unable to start) as the two DAC drivers clash together.
> 
>     This patch refactors the code to allow loading the DAC driver even if
>     its specified in configuration (it can't be registered as a common
>     security driver), and does not add the driver twice.
> 
> commit ba150e5504d81b24c81556d9be2ab4d3a4904a56
> Author: Peter Krempa <pkrempa redhat com>
> Date:   Wed Aug 29 14:29:43 2012 +0200
> 
>     Revert "security: Add DAC to security_drivers"
> 
>     This reverts commit 9f9b7b85c9b422e8f4e813f3920bf8f433246a4a.
> 
>     The DAC security driver needs special handling and extra parameters and
>     can't just be added to regular security drivers.
> 
> 
> 
> On 08/29/2012 05:19 PM, Guido Günther wrote:
>> On Wed, Aug 29, 2012 at 11:24:08AM +0200, Michal Privoznik wrote:
>>> On 29.08.2012 09:15, Guido Günther wrote:
>>>> On Wed, Aug 29, 2012 at 01:26:54PM +0800, Daniel Veillard wrote:
>>>>>    As planned, I tagged the release this morning and pushed the builds
>>>>> at the usual place:
>>>>>     ftp://libvirt.org/libvirt/
>>>>
>>>> With this (also with 0.10.0rc2) kvm domains won't start giving:
>>>>
>>>> $ virsh start foo
>>>> error: Failed to start domain foo
>>>> error: internal error security image label already defined for VM
>>>>
>>>> We have selinux disabled (--without-selinux). I didn't have a chance to
>>>> have a closer look (and possibly won't be for the next days) but I at
>>>> least wanted to report this here.
>>>> Cheers,
>>>>   -- Guido
>>>
>>> Running a git-bisect shows it's me who broke it:
>>>
>>> commit 9f9b7b85c9b422e8f4e813f3920bf8f433246a4a
>>> Author:     Michal Privoznik <mprivozn redhat com>
>>> AuthorDate: Fri Aug 24 12:36:03 2012 +0200
>>> Commit:     Michal Privoznik <mprivozn redhat com>
>>> CommitDate: Fri Aug 24 17:19:25 2012 +0200
>>>
>>>      security: Add DAC to security_drivers
>>>
>>>      Currently, if users set 'security_driver="dac"' in qemu.conf
>>> libvirtd
>>>      fails to initialize as DAC driver is not found because it is
>>> missing
>>>      in our security drivers array.
>>
>> That helps. Thanks!
>>
>>>
>>> However, yesterday I was trying current HEAD (I mean current at that
>>> time) and it worked.
>>
>> Any idea which commit fixed it?
>> Cheers,
>>   -- Guido
>>
>>> The quick fix is to set security_driver="none" in qemu.conf.
>>>
>>> Michal
>>>
>>
>> -- 
>> libvir-list mailing list
>> libvir-list redhat com
>> https://www.redhat.com/mailman/listinfo/libvir-list
>>
> 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]