[libvirt] Release of libvirt-0.10.0
Michal Privoznik
mprivozn at redhat.com
Thu Aug 30 07:59:18 UTC 2012
It's not anything special; domain without any <seclabel>:
http://pastebin.com/jzkAkubi
and of course, the default config in qemu.conf. That is all .*security.*
knobs commented out. And I don't build with selinux on my system (don't
even have selinux headers).
[explicitly CC'ing Peter who took a deeper look and might provide more info]
On 29.08.2012 23:02, Marcelo Cerri wrote:
> Can you send me foo's XML? I can't reproduce this error and I'd like to
> check it.
>
> There's a good chance that the last two Peter's patches fix that:
>
> commit eb8e9b6027512edf2c93343f430e7e6429af0ff5
> Author: Peter Krempa <pkrempa at redhat.com>
> Date: Wed Aug 29 14:19:39 2012 +0200
>
> qemu: Refactor initialisation of security drivers.
>
> The security driver loading code in qemu has a flaw that causes it to
> register the DAC security driver twice. This causes problems (machines
> unable to start) as the two DAC drivers clash together.
>
> This patch refactors the code to allow loading the DAC driver even if
> its specified in configuration (it can't be registered as a common
> security driver), and does not add the driver twice.
>
> commit ba150e5504d81b24c81556d9be2ab4d3a4904a56
> Author: Peter Krempa <pkrempa at redhat.com>
> Date: Wed Aug 29 14:29:43 2012 +0200
>
> Revert "security: Add DAC to security_drivers"
>
> This reverts commit 9f9b7b85c9b422e8f4e813f3920bf8f433246a4a.
>
> The DAC security driver needs special handling and extra parameters and
> can't just be added to regular security drivers.
>
>
>
> On 08/29/2012 05:19 PM, Guido Günther wrote:
>> On Wed, Aug 29, 2012 at 11:24:08AM +0200, Michal Privoznik wrote:
>>> On 29.08.2012 09:15, Guido Günther wrote:
>>>> On Wed, Aug 29, 2012 at 01:26:54PM +0800, Daniel Veillard wrote:
>>>>> As planned, I tagged the release this morning and pushed the builds
>>>>> at the usual place:
>>>>> ftp://libvirt.org/libvirt/
>>>>
>>>> With this (also with 0.10.0rc2) kvm domains won't start giving:
>>>>
>>>> $ virsh start foo
>>>> error: Failed to start domain foo
>>>> error: internal error security image label already defined for VM
>>>>
>>>> We have selinux disabled (--without-selinux). I didn't have a chance to
>>>> have a closer look (and possibly won't be for the next days) but I at
>>>> least wanted to report this here.
>>>> Cheers,
>>>> -- Guido
>>>
>>> Running a git-bisect shows it's me who broke it:
>>>
>>> commit 9f9b7b85c9b422e8f4e813f3920bf8f433246a4a
>>> Author: Michal Privoznik <mprivozn at redhat.com>
>>> AuthorDate: Fri Aug 24 12:36:03 2012 +0200
>>> Commit: Michal Privoznik <mprivozn at redhat.com>
>>> CommitDate: Fri Aug 24 17:19:25 2012 +0200
>>>
>>> security: Add DAC to security_drivers
>>>
>>> Currently, if users set 'security_driver="dac"' in qemu.conf
>>> libvirtd
>>> fails to initialize as DAC driver is not found because it is
>>> missing
>>> in our security drivers array.
>>
>> That helps. Thanks!
>>
>>>
>>> However, yesterday I was trying current HEAD (I mean current at that
>>> time) and it worked.
>>
>> Any idea which commit fixed it?
>> Cheers,
>> -- Guido
>>
>>> The quick fix is to set security_driver="none" in qemu.conf.
>>>
>>> Michal
>>>
>>
>> --
>> libvir-list mailing list
>> libvir-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/libvir-list
>>
>
More information about the libvir-list
mailing list