On Fri, Dec 4, 2009 at 10:33 AM, Guido Günther a...@sigxcpu.org wrote:
Hi Luca,
On Thu, Dec 03, 2009 at 10:41:04PM +0100, Luca Tettamanti wrote:
Package: libvirt-bin
Version: 0.7.4-1
Severity: normal
Hello,
libvirtd fails to start when SELinux is active on the system; this the
output of the program:
22:31:41.249: warning : qemudStartup:907 : Unable to create cgroup for
driver: No such device or address
22:31:41.311: error : SELinuxInitialize:115 : cannot open SELinux virtual
domain context file '/etc/selinux/default/contexts/virtual_domain_context':
No such file or directory
22:31:41.311: error : qemudSecurityInit:764 : Failed to start security driver
22:31:41.311: error : virStateInitialize:832 : Initialization of QEMU state
driver failed
22:31:41.312: error : main:3155 : Driver state initialization failed
22:31:41.312: warning : qemudDispatchSignalEvent:383 : Shutting down on
signal 3
/etc/selinux/default/contexts/virtual_domain_context is not provided by the
selinux-policy-default package...
Fedora has it though:
http://cvs.fedoraproject.org/viewvc//rpms/selinux-policy/F-12/selinux-policy.spec?view=markup
Since I'm not running SELinux: could you have a look at the Fedora
policy and see if the files are suitable?
With both virtual_domain_context and virtual_image_context from F12
the daemon starts, but then I'm unable to start any VM:
ERRORinternal error unable to start guest: libvir: Security
Labeling error : unable to set security context
'system_u:system_r:svirt_t:s0:c206,c208': Invalid argument
libvir: Security Labeling error : unable to set security context
'system_u:object_r:svirt_image_t:s0:c206,c208' on
'/var/lib/libvirt/images/winxp-am.img': Invalid argument
I have virt.pp loaded, and the operation fails even with SELinux in
permissive mode :(
I'm unable to load virt.pp from F-12, it seems that other modules are required:
libsepol.permission_copy_callback: Module virt depends on permission
module_request in class system, not satisfied (No such file or
directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file
or directory).
semodule: Failed!
I'm not _that_ expert with SELinux (and I'd rather not mess up my
server too much...), you may want to disable selinux support in the
package at least until an appropriate policy is available... feel free
to bounce this bug to the selinux guys.
Luca
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org