[libvirt-users] lxc-enter-namespace error: security model cannot be entered.

Daniel P. Berrange berrange at redhat.com
Tue Jul 30 09:52:43 UTC 2013 

On Tue, Jul 30, 2013 at 05:49:28PM +0800, hzguanqiang wrote:
> Hi Guys,
> I started a lxc container with libvit in ubuntu Operating system, and succeed using lxc-enter-namespace to enter the namespaces and security context of the container. But when I do the same thing in debian OS, It reported an error, with details as following:
> 
> root at debian:/etc# vir list
>  Id    Name                           State
> ----------------------------------------------------
>  4424  instance-00000007              running
>  25913 instance-00000008              running
> 
> root at debian:/etc# vir dumpxml 4424
> <domain type='lxc' id='4424'>
>   <name>instance-00000007</name>
>   <uuid>f1ce5360-bb5e-4cfc-b5ef-d05f8db52618</uuid>
>   <memory unit='KiB'>1048576</memory>
>   <currentMemory unit='KiB'>1048576</currentMemory>
>   <vcpu placement='static'>3</vcpu>
>   <resource>
>     <partition>/machine</partition>
>   </resource>
>   <os>
>     <type arch='x86_64'>exe</type>
>     <init>/sbin/init</init>
>     <cmdline>console=tty0 console=ttyS0</cmdline>
>   </os>
>   <clock offset='utc'/>
>   <on_poweroff>destroy</on_poweroff>
>   <on_reboot>restart</on_reboot>
>   <on_crash>destroy</on_crash>
>   <devices>
>     <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
>     <filesystem type='mount' accessmode='passthrough'>
>       <source dir='/opt/stack/data/nova/instances/f1ce5360-bb5e-4cfc-b5ef-d05f8db52618/rootfs'/>
>       <target dir='/'/>
>     </filesystem>
>     <interface type='bridge'>
>       <mac address='fa:16:3e:3a:c6:11'/>
>       <source bridge='br100'/>
>       <target dev='veth0'/>
>       <filterref filter='nova-instance-instance-00000007-fa163e3ac611'/>
>     </interface>
>     <console type='pty' tty='/dev/pts/1'>
>       <source path='/dev/pts/1'/>
>       <target type='lxc' port='0'/>
>       <alias name='console0'/>
>     </console>
>   </devices>
>   <seclabel type='none'/>
> </domain>
> 
> root at debian:/etc# vir lxc-enter-namespace 4424 /bin/sh/
> libvirt:  error : argument unsupported: Security model  cannot be entered
> 
> Is there anything that needs to be configured in debian OS for using the 'lxc-enter-namespace' interface?

Hmm, that's a bug in virsh. As a workaround use the  --noseclabel flag


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

More information about the libvirt-users mailing list