KVM image problems

Adam Huffman adam.huffman at gmail.com
Tue Jun 24 15:34:43 UTC 2008


Daniel P. Berrange wrote:
> On Tue, Jun 24, 2008 at 12:57:20PM +0100, Adam Huffman wrote:
>   
>> Having applied Dan Walsh's suggested fix for a SpamAssassin problem, I'm 
>> now seeing errors when running a virtual machine via KVM.
>>
>> The image was created in virt-install quite a while ago:
>>
>> -rwxr-xr-x  root root system_u:object_r:xen_image_t    XP1
>>
>> However, after changing to enforcing mode I saw lots of these errors:
>>     
>
> Xen is not KVM.
>
> Your image has the xen_image_t label because its in /var/lib/xen/images
>
>   
Yes, I always found that location a bit odd, but that's where I was told 
to put them
the last time I had similar trouble (i.e. if I didn't put them in 
/var/lib/xen/images, they wouldn't
pick up the right context).

> By default KVM images live in /var/lib/libvirt/images/ and have
> virt_image_t label. Xen probably ought to be allowed to read virt_image_t
> and then we should change /var/lib/xen/images/ to also be virt_image_t
> and get rid of xen_image_t. It is not nice to have different labels and
> locations for different virt technology. So we should make sure everything
> is using the generic virt_image_t
>
>   

That would be simpler, yes.
> In the meantime you can either move your images or relabel them to be
> virT_image_t for use with KVM
>
>   
Yes, I've relabeled and that seems to have worked for now.

On a related point, will I need to apply virt_image_t to .iso files I'm 
mounting in
these VMs?

Thanks,
Adam




More information about the fedora-selinux-list mailing list