[libvirt] problems with <seclabel> when restarting libvirtd
Laine Stump
laine at laine.org
Tue Jul 5 04:34:38 UTC 2011
I had libvirtd built from 0.9.2+something running on my test machine.
There was a single guest running on it.
I grabbed the latest libvirt from git (0.9.3+??), built an rpm, and
installed it. My guest reconnected with no problems, but I was unable to
start new guests due to an selinux problem with the labeling of the
image file. Interestingly, I found that I could shut down and restart the
one guest that had been running at the time of the upgrade. *Until* I
restarted libvirtd again while the guest was stopped. After this point,
I could no longer start that guest either.
I then set selinux to permissive mode and was able to start my original
guest. Then I restarted libvirtd and found that, although the qemu-kvm
process was still running, libvirtd couldn't reconnect to the guest.
When I looked at the logs, I saw this:
error: virSecurityLabelDefParseXML:5073 : unsupported configuration:
dynamic label type must use resource relabeling
In the domain state file, I see this:
| <seclabel type='dynamic' model='selinux' relabel='no'>
| <label>system_u:system_r:svirt_t:s-:c419,c955</label>
| </seclabel>
The data in the state file was written by the same version of libvirtd
that wrote it. So why did it write something it knows it doesn't support?
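
An added example, not part of the original post and not libvirt's own code: a small check that scans domain or state-file XML for the combination the quoted error rejects (type='dynamic' together with relabel='no'), so affected guests can be found before libvirtd is restarted. The <domstatus> wrapper, the guest names and the label values in the samples are constructed assumptions.

```python
import xml.etree.ElementTree as ET

REASON = "dynamic label type must use resource relabeling"

# Constructed sample modelled on the <seclabel> fragment quoted in the post;
# the <domstatus>/<domain> wrapper and the guest name are assumptions.
SAMPLE_STATE = """
<domstatus state='running'>
  <domain type='kvm'>
    <name>guest-a</name>
    <seclabel type='dynamic' model='selinux' relabel='no'>
      <label>system_u:system_r:svirt_t:s0:c1,c2</label>
    </seclabel>
  </domain>
</domstatus>
"""

# Constructed sample that the rule in the error message accepts.
SAMPLE_OK = """
<domain type='kvm'>
  <name>guest-b</name>
  <seclabel type='dynamic' model='selinux' relabel='yes'/>
</domain>
"""


def find_rejected_seclabels(xml_text):
    """Return (guest name, model, reason) for every <seclabel> that pairs
    type='dynamic' with relabel='no'."""
    root = ET.fromstring(xml_text)
    findings = []
    # iter() includes the root itself, so this works for a bare <domain>
    # document as well as one wrapped in a state-file element.
    for dom in root.iter("domain"):
        name = dom.findtext("name", default="(unnamed)")
        for sec in dom.iter("seclabel"):
            # An absent relabel attribute is left alone: only the explicit
            # 'no' value matches the configuration shown in the post.
            if sec.get("type") == "dynamic" and sec.get("relabel") == "no":
                findings.append((name, sec.get("model"), REASON))
    return findings


if __name__ == "__main__":
    for text in (SAMPLE_STATE, SAMPLE_OK):
        print(find_rejected_seclabels(text))
```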