Bug#559356: [Pkg-libvirt-maintainers] Bug#559356: libvirt-bin: libvirtd fails to start (SELinux)

2009-12-05 Thread Guido Günther 
Hi,
I've disables SELinux for now to work around this.
Thanks for your feedback!
 -- Guido




-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#559356: [Pkg-libvirt-maintainers] Bug#559356: libvirt-bin: libvirtd fails to start (SELinux)

2009-12-05 Thread Guido Günther 
Hi,
Fedora 12 hat

/etc/selinux/default/contexts/virtual_domain_context
/etc/selinux/default/contexts/virtual_image_context 

as policies for running VMs under libvirt.

See:

http://cvs.fedoraproject.org/viewvc//rpms/selinux-policy/F-12/selinux-policy.spec?view=markup

for details. Would be nice if we could have this in Debian too. Please
let me know if I can help with that.
Cheers,
 -- Guido



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#559356: [Pkg-libvirt-maintainers] Bug#559356: libvirt-bin: libvirtd fails to start (SELinux)

2009-12-04 Thread Guido Günther 
Hi Luca,
On Thu, Dec 03, 2009 at 10:41:04PM +0100, Luca Tettamanti wrote:
 Package: libvirt-bin
 Version: 0.7.4-1
 Severity: normal
 
 Hello,
 libvirtd fails to start when SELinux is active on the system; this the
 output of the program:
 
 22:31:41.249: warning : qemudStartup:907 : Unable to create cgroup for 
 driver: No such device or address
 22:31:41.311: error : SELinuxInitialize:115 : cannot open SELinux virtual 
 domain context file '/etc/selinux/default/contexts/virtual_domain_context': 
 No such file or directory
 22:31:41.311: error : qemudSecurityInit:764 : Failed to start security driver
 22:31:41.311: error : virStateInitialize:832 : Initialization of QEMU state 
 driver failed
 22:31:41.312: error : main:3155 : Driver state initialization failed
 22:31:41.312: warning : qemudDispatchSignalEvent:383 : Shutting down on 
 signal 3
 
 /etc/selinux/default/contexts/virtual_domain_context is not provided by the
 selinux-policy-default package...
Fedora has it though:

http://cvs.fedoraproject.org/viewvc//rpms/selinux-policy/F-12/selinux-policy.spec?view=markup

Since I'm not running SELinux: could you have a look at the Fedora
policy and see if the files are suitable?
Cheers,
 -- Guido



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#559356: [Pkg-libvirt-maintainers] Bug#559356: libvirt-bin: libvirtd fails to start (SELinux)

2009-12-04 Thread Luca Tettamanti 
On Fri, Dec 4, 2009 at 10:33 AM, Guido Günther a...@sigxcpu.org wrote:
 Hi Luca,
 On Thu, Dec 03, 2009 at 10:41:04PM +0100, Luca Tettamanti wrote:
 Package: libvirt-bin
 Version: 0.7.4-1
 Severity: normal

 Hello,
 libvirtd fails to start when SELinux is active on the system; this the
 output of the program:

 22:31:41.249: warning : qemudStartup:907 : Unable to create cgroup for 
 driver: No such device or address
 22:31:41.311: error : SELinuxInitialize:115 : cannot open SELinux virtual 
 domain context file '/etc/selinux/default/contexts/virtual_domain_context': 
 No such file or directory
 22:31:41.311: error : qemudSecurityInit:764 : Failed to start security driver
 22:31:41.311: error : virStateInitialize:832 : Initialization of QEMU state 
 driver failed
 22:31:41.312: error : main:3155 : Driver state initialization failed
 22:31:41.312: warning : qemudDispatchSignalEvent:383 : Shutting down on 
 signal 3

 /etc/selinux/default/contexts/virtual_domain_context is not provided by the
 selinux-policy-default package...
 Fedora has it though:

 http://cvs.fedoraproject.org/viewvc//rpms/selinux-policy/F-12/selinux-policy.spec?view=markup

 Since I'm not running SELinux: could you have a look at the Fedora
 policy and see if the files are suitable?

With both virtual_domain_context and virtual_image_context from F12
the daemon starts, but then I'm unable to start any VM:

ERRORinternal error unable to start guest: libvir: Security
Labeling error : unable to set security context
'system_u:system_r:svirt_t:s0:c206,c208': Invalid argument
libvir: Security Labeling error : unable to set security context
'system_u:object_r:svirt_image_t:s0:c206,c208' on
'/var/lib/libvirt/images/winxp-am.img': Invalid argument

I have virt.pp loaded, and the operation fails even with SELinux in
permissive mode :(
I'm unable to load virt.pp from F-12, it seems that other modules are required:

libsepol.permission_copy_callback: Module virt depends on permission
module_request in class system, not satisfied (No such file or
directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file
or directory).
semodule:  Failed!

I'm not _that_ expert with SELinux (and I'd rather not mess up my
server too much...), you may want to disable selinux support in the
package at least until an appropriate policy is available... feel free
to bounce this bug to the selinux guys.

Luca



--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org