[libvirt-users] lxc-enter-namespace error: security model cannot be entered.
Daniel P. Berrange
berrange at redhat.com
Tue Jul 30 09:52:43 UTC 2013
On Tue, Jul 30, 2013 at 05:49:28PM +0800, hzguanqiang wrote:
> Hi Guys,
> I started a lxc container with libvit in ubuntu Operating system, and succeed using lxc-enter-namespace to enter the namespaces and security context of the container. But when I do the same thing in debian OS, It reported an error, with details as following:
>
> root at debian:/etc# vir list
> Id Name State
> ----------------------------------------------------
> 4424 instance-00000007 running
> 25913 instance-00000008 running
>
> root at debian:/etc# vir dumpxml 4424
> <domain type='lxc' id='4424'>
> <name>instance-00000007</name>
> <uuid>f1ce5360-bb5e-4cfc-b5ef-d05f8db52618</uuid>
> <memory unit='KiB'>1048576</memory>
> <currentMemory unit='KiB'>1048576</currentMemory>
> <vcpu placement='static'>3</vcpu>
> <resource>
> <partition>/machine</partition>
> </resource>
> <os>
> <type arch='x86_64'>exe</type>
> <init>/sbin/init</init>
> <cmdline>console=tty0 console=ttyS0</cmdline>
> </os>
> <clock offset='utc'/>
> <on_poweroff>destroy</on_poweroff>
> <on_reboot>restart</on_reboot>
> <on_crash>destroy</on_crash>
> <devices>
> <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
> <filesystem type='mount' accessmode='passthrough'>
> <source dir='/opt/stack/data/nova/instances/f1ce5360-bb5e-4cfc-b5ef-d05f8db52618/rootfs'/>
> <target dir='/'/>
> </filesystem>
> <interface type='bridge'>
> <mac address='fa:16:3e:3a:c6:11'/>
> <source bridge='br100'/>
> <target dev='veth0'/>
> <filterref filter='nova-instance-instance-00000007-fa163e3ac611'/>
> </interface>
> <console type='pty' tty='/dev/pts/1'>
> <source path='/dev/pts/1'/>
> <target type='lxc' port='0'/>
> <alias name='console0'/>
> </console>
> </devices>
> <seclabel type='none'/>
> </domain>
>
> root at debian:/etc# vir lxc-enter-namespace 4424 /bin/sh/
> libvirt: error : argument unsupported: Security model cannot be entered
>
> Is there anything that needs to be configured in debian OS for using the 'lxc-enter-namespace' interface?
Hmm, that's a bug in virsh. As a workaround use the --noseclabel flag
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvirt-users
mailing list