On Fri, Dec 4, 2009 at 10:33 AM, Guido Günther <[email protected]> wrote:
> Hi Luca,
> On Thu, Dec 03, 2009 at 10:41:04PM +0100, Luca Tettamanti wrote:
>> Package: libvirt-bin
>> Version: 0.7.4-1
>> Severity: normal
>>
>> Hello,
>> libvirtd fails to start when SELinux is active on the system; this is the
>> output of the program:
>>
>> 22:31:41.249: warning : qemudStartup:907 : Unable to create cgroup for
>> driver: No such device or address
>> 22:31:41.311: error : SELinuxInitialize:115 : cannot open SELinux virtual
>> domain context file '/etc/selinux/default/contexts/virtual_domain_context':
>> No such file or directory
>> 22:31:41.311: error : qemudSecurityInit:764 : Failed to start security driver
>> 22:31:41.311: error : virStateInitialize:832 : Initialization of QEMU state
>> driver failed
>> 22:31:41.312: error : main:3155 : Driver state initialization failed
>> 22:31:41.312: warning : qemudDispatchSignalEvent:383 : Shutting down on
>> signal 3
>>
>> /etc/selinux/default/contexts/virtual_domain_context is not provided by the
>> selinux-policy-default package...
> Fedora has it though:
>
> http://cvs.fedoraproject.org/viewvc//rpms/selinux-policy/F-12/selinux-policy.spec?view=markup
>
> Since I'm not running SELinux: could you have a look at the Fedora
> policy and see if the files are suitable?

With both virtual_domain_context and virtual_image_context from F12 the daemon starts, but then I'm unable to start any VM:

ERROR internal error unable to start guest: libvir: Security Labeling error : unable to set security context 'system_u:system_r:svirt_t:s0:c206,c208': Invalid argument
libvir: Security Labeling error : unable to set security context 'system_u:object_r:svirt_image_t:s0:c206,c208' on '/var/lib/libvirt/images/winxp-am.img': Invalid argument

I have virt.pp loaded, and the operation fails even with SELinux in permissive mode :(

I'm unable to load virt.pp from F-12, it seems that other modules are required:

libsepol.permission_copy_callback: Module virt depends on permission module_request in class system, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!

I'm not _that_ expert with SELinux (and I'd rather not mess up my server too much...), you may want to disable selinux support in the package at least until an appropriate policy is available... feel free to bounce this bug to the selinux guys.

Luca

