Not sure if related, but after syncing libvirt to latest master branch I see following errors:<div><br><div><blockquote class="gmail_quote" style="margin-top:0px;margin-right:0px;margin-bottom:0px;margin-left:0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
2012-02-04 10:38:00.119+0000: 18828: error : virSecurityLabelDefParseXML:2646 : XML error: security label is missing<br>2012-02-04 10:38:00.129+0000: 18828: error : virSecurityLabelDefParseXML:2646 : XML error: security label is missing</blockquote>
<div><br></div><div>And virt-manager does not want to start anymore. Is this backward-compatibility related issue?</div><div><br></div><div>Thanks,</div><div>Ansis</div><br><div class="gmail_quote">On Wed, Feb 1, 2012 at 8:27 PM, Eric Blake <span dir="ltr"><<a href="mailto:eblake@redhat.com">eblake@redhat.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 01/25/2012 07:12 AM, Daniel P. Berrange wrote:<br>
> From: "Daniel P. Berrange" <<a href="mailto:berrange@redhat.com">berrange@redhat.com</a>><br>
><br>
> Curently security labels can be of type 'dynamic' or 'static'.<br>
<br>
</div>s/Curently/Currently/<br>
<div><div class="h5"><br>
> If no security label is given, then 'dynamic' is assumed. The<br>
> current code takes advantage of this default, and avoids even<br>
> saving <seclabel> elements with type='dynamic' to disk. This<br>
> means if you temporarily change security driver, the guests<br>
> can all still start.<br>
><br>
> With the introduction of sVirt to LXC though, there needs to be<br>
> a new default of 'none' to allow unconfined LXC containers.<br>
><br>
> This patch introduces two new security label types<br>
><br>
> - default: the host configuration decides whether to run the<br>
> guest with type 'none' or 'dynamic' at guest start<br>
> - none: the guest will run unconfined by security policy<br>
><br>
> The 'none' label type will obviously be undesirable for some<br>
> deployments, so a new qemu.conf option allows a host admin to<br>
> mandate confined guests. It is also possible to turn off default<br>
> confinement<br>
><br>
> security_default_confined = 1|0 (default == 1)<br>
> security_require_confined = 1|0 (default == 0)<br>
><br>
> * src/conf/domain_conf.c, src/conf/domain_conf.h: Add new<br>
> seclabel types<br>
> * src/security/security_manager.c, src/security/security_manager.h:<br>
> Set default sec label types<br>
> * src/security/security_selinux.c: Handle 'none' seclabel type<br>
> * src/qemu/qemu.conf, src/qemu/qemu_conf.c, src/qemu/qemu_conf.h,<br>
> src/qemu/libvirtd_qemu.aug: New security config options<br>
> * src/qemu/qemu_driver.c: Tell security driver about default<br>
> config<br>
> ---<br>
> docs/<a href="http://formatdomain.html.in" target="_blank">formatdomain.html.in</a> | 24 +++++++++----<br>
> docs/schemas/domaincommon.rng | 5 +++<br>
> po/POTFILES.in | 1 +<br>
> src/conf/domain_conf.c | 70 ++++++++++++++++++++++++--------------<br>
> src/conf/domain_conf.h | 2 +<br>
> src/qemu/libvirtd_qemu.aug | 2 +<br>
> src/qemu/qemu.conf | 8 ++++<br>
> src/qemu/qemu_conf.c | 11 ++++++<br>
> src/qemu/qemu_conf.h | 2 +<br>
> src/qemu/qemu_driver.c | 7 +++-<br>
> src/security/security_manager.c | 51 +++++++++++++++++++++++++---<br>
> src/security/security_manager.h | 8 ++++-<br>
> src/security/security_selinux.c | 32 ++++++++++++++----<br>
> tests/seclabeltest.c | 2 +-<br>
> 14 files changed, 177 insertions(+), 48 deletions(-)<br>
<br>
</div></div>Just glancing at this diffstat, it looks like you hit my major concerns<br>
from v1<br>
(<a href="https://www.redhat.com/archives/libvir-list/2012-January/msg00940.html" target="_blank">https://www.redhat.com/archives/libvir-list/2012-January/msg00940.html</a>)<br>
<div class="im"><br>
> @@ -3484,10 +3484,11 @@ qemu-kvm -net nic,model=? /dev/null<br>
><br>
> <p><br>
> The <code>seclabel</code> element allows control over the<br>
> - operation of the security drivers. There are two basic<br>
> - modes of operation, dynamic where libvirt automatically<br>
> - generates a unique security label, or static where the<br>
> - application/administrator chooses the labels. With dynamic<br>
> + operation of the security drivers. There are three basic<br>
> + modes of operation, 'dynamic' where libvirt automatically<br>
> + generates a unique security label, 'static' where the<br>
> + application/administrator chooses the labels, or 'none'<br>
> + where confinement is disabled. With dynamic<br>
> label generation, libvirt will always automatically<br>
> relabel any resources associated with the virtual machine.<br>
> With static label assignment, by default, the administrator<br>
<br>
</div>Probably want to also document with a <span class="since"> that 'none'<br>
was introduced in 0.9.10.<br>
<div class="im"><br>
> @@ -3515,9 +3516,18 @@ qemu-kvm -net nic,model=? /dev/null<br>
> <seclabel type='static' model='selinux' relabel='yes'><br>
> <label>system_u:system_r:svirt_t:s0:c392,c662</label><br>
> </seclabel><br>
> +<br>
> + <seclabel type='none'/><br>
> </pre><br>
><br>
> <p><br>
> + If no 'type' attribute is provided in the input XML, then<br>
> + the security driver default setting will be used, which<br>
> + may be either 'none' or 'static'.<br>
<br>
</div>Actually, it is either 'none' or 'dynamic'; the only way to get 'static'<br>
is with explicit type attribute.<br>
<div class="im"><br>
> @@ -2591,12 +2602,15 @@ virSecurityLabelDefParseXML(virSecurityLabelDefPtr def,<br>
> def->imagelabel = p;<br>
> }<br>
><br>
> - /* Only parse baselabel, for dynamic label */<br>
> - if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC) {<br>
> + /* Only parse baselabel, for dynamic or none label types */<br>
> + if (def->type == VIR_DOMAIN_SECLABEL_DYNAMIC ||<br>
> + def->type == VIR_DOMAIN_SECLABEL_NONE) {<br>
> p = virXPathStringLimit("string(./seclabel/baselabel[1])",<br>
> VIR_SECURITY_LABEL_BUFLEN-1, ctxt);<br>
> if (p != NULL)<br>
> def->baselabel = p;<br>
> + /* Forces none type to dynamic for back compat */<br>
> + def->type = VIR_DOMAIN_SECLABEL_DYNAMIC;<br>
<br>
</div>Missing braces. This should be:<br>
<div class="im"><br>
if (p != NULL) {<br>
def->baselabel = p;<br>
</div> /* Force none to dynamic for back compat */<br>
def->type = VIR_DOMAIN_SECLABEL_DYNAMIC;<br>
}<br>
<br>
ACK with those items fixed.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Eric Blake <a href="mailto:eblake@redhat.com">eblake@redhat.com</a> <a href="tel:%2B1-919-301-3266" value="+19193013266">+1-919-301-3266</a><br>
Libvirt virtualization library <a href="http://libvirt.org" target="_blank">http://libvirt.org</a><br>
<br>
</font></span><br>--<br>
libvir-list mailing list<br>
<a href="mailto:libvir-list@redhat.com">libvir-list@redhat.com</a><br>
<a href="https://www.redhat.com/mailman/listinfo/libvir-list" target="_blank">https://www.redhat.com/mailman/listinfo/libvir-list</a><br></blockquote></div><br></div></div>