[Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ... Multiple same specifications for /.*.

Зиновик Игорь Анатольевич ZinovikIA at nspk.ru
Tue Mar 20 09:22:00 UTC 2018 



С уважением,
Зиновик Игорь |  ДИТ | вн. 1569 |


> -----Original Message-----
> From: Richard W.M. Jones [mailto:rjones at redhat.com]
> Sent: Monday, March 19, 2018 5:42 PM
> To: Зиновик Игорь Анатольевич <ZinovikIA at nspk.ru>
> Cc: libguestfs at redhat.com
> Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ...
> Multiple same specifications for /.*.
>
> On Mon, Mar 19, 2018 at 02:21:24PM +0000, Зиновик Игорь Анатольевич
> wrote:
> > > -----Original Message-----
> > > From: Richard W.M. Jones [mailto:rjones at redhat.com]
> > > Sent: Monday, March 19, 2018 3:27 PM
> > > To: Зиновик Игорь Анатольевич <ZinovikIA at nspk.ru>
> > > Cc: libguestfs at redhat.com
> > > Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ...
> > > Multiple same specifications for /.*.
> > >
> > > On Tue, Mar 06, 2018 at 09:31:33AM +0000, Зиновик Игорь Анатольевич
> > > wrote:
> > > > > Multiple same specifications for /.*.
> > > ...
> > > > > > setfiles:
> > > > > > /sysroot/etc/selinux/targeted/contexts/files/file_contexts:
> > > > > > Multiple
> > > > > same specifications for /.*.
> > >
> > > My idea for reproducing this was:
> > >
> > > (1) Download your file_contexts file.
> > >
> > > (2) virt-builder fedora-27 \
> > >         --upload
> file_contexts:/etc/selinux/targeted/contexts/files/file_contexts \
> > >         --selinux-relabel
> > >
> > >
> > > However I wasn't able to reproduce it (with policycoreutils-2.7-
> 15.fc29.x86_64).
> > > Also I don't see multiple ‘/.*’
> > > lines in the file_contexts file.
> > >
> > > So I don't know.
> > >
> > > But it's still my opinion that it is a bug in policycoreutils.
> >
> > Thanks for investigation, Richard. Is it somehow possible to disable
> > `setfiles' invocation during virt-v2v conversion run? E.g. via environment
> variable?
>
> You can do --no-selinux-relabel, but that disables relabelling completely, which
> may mean that your VM won't boot.

My virt-v2v does not recognize --no-selinux-relabel option.

> Have you tried making edits to the file_contexts file to work out exactly which
> part setfiles is complaining about?  That may give some clues about a better
> workaround.

I found the root cause - some of my CentOS 7.3 VMs has /etc/selinux/targeted/contexts/files/file_contexts.pre (leftover?) which mimics /etc/selinux/targeted/contexts/files/file_contexts:
$ sudo LIBGUESTFS_BACKEND=direct guestfish --ro -a vm-lbmgr01.vmdk -i head /etc/selinux/targeted/contexts/files/file_contexts.pre
/.*     system_u:object_r:default_t:s0
/[^/]+  --      system_u:object_r:etc_runtime_t:s0
/a?quota\.(user|group)  --      system_u:object_r:quota_db_t:s0
/nsr(/.*)?      system_u:object_r:var_t:s0
/sys(/.*)?      system_u:object_r:sysfs_t:s0
/xen(/.*)?      system_u:object_r:xen_image_t:s0

$ sudo LIBGUESTFS_BACKEND=direct guestfish --ro -a vm-lbmgr01.vmdk -i head /etc/selinux/targeted/contexts/files/file_contexts
/.*     system_u:object_r:default_t:s0
/[^/]+  --      system_u:object_r:etc_runtime_t:s0
/a?quota\.(user|group)  --      system_u:object_r:quota_db_t:s0
/nsr(/.*)?      system_u:object_r:var_t:s0
/sys(/.*)?      system_u:object_r:sysfs_t:s0
/xen(/.*)?      system_u:object_r:xen_image_t:s0

I moved file to file_contexts.pre to /root directory and successfully managed to convert guest. rpm tool says that this does not belong to
any package. Maybe it is some kind of leftover after upgrade (7.2->7.3), just an assumption from top of my head.
Настоящее сообщение, направленное по электронной почте, и любые вложения - это корреспонденция, содержащая информацию, доступ к которой ограничен в соответствии с законодательством Российской Федерации и которая предназначена только для использования уполномоченными АО «НСПК» получателями сообщения (уполномоченными лицами). Если Вы не являетесь уполномоченным лицом или Вам не известно, являетесь ли Вы таким уполномоченным получателем сообщения от АО «НСПК», то уведомляем, что любое раскрытие, распространение или копирование этого сообщения влечет за собой установленную законом ответственность. Если Вы не являетесь уполномоченным получателем сообщения, просим Вас незамедлительно информировать об этом отправителя и удалить полученное сообщение из системы. This e-mail message together with any attachments hereto contains confidential information and is intended for recipients authorized by NSPK only. Any disclosure, distribution or copying of this message entails liability established by law. If you are not an authorized recipient, please immediately inform the sender and delete this message from your information system.

More information about the Libguestfs mailing list