[libvirt-users] How to enable SELinux driver for libvirt?

[Eric Blake]

On 08/21/2014 08:37 PM, Qiang Guan wrote:

>>> How to enable SELinux driver for libvirt?
>> If you self-compiled, make sure you had the right devel libraries
>> present to ensure the SELinux support is compiled in.  If you are using
>> a distro, you may want to file a support ticket with your distro
>> provider.
>>
> Hi, Eric, thanks for help.
> I'm using ubuntu14.04 with libvirt of version 1.2.2 from ubuntu trusty
> source.

Ubuntu normally uses AppArmor, not SELinux.  Again, libvirt is set up to
use AppArmor by default when that is the distro's preferred security
mechanism, but I'm not much of an Ubuntu user, so you may get better
answers from others.

> I want to use SELinux labeling with dynamic type for my lxc which is
> started by libvirt API.
> 
> I don't know whether SELinux support is compiled in the ubuntu release.

Probably not, for the same reason that AppArmor support is not compiled
into Fedora releases.

> How can I recognize whether SELinux is compiled in libvirt of a release
> version?

virsh --version=long

On my machine, I see (among others):
 Miscellaneous: Daemon Nodedev SELinux Secrets Debug DTrace Readline Modular

I'd expect AppArmor instead of SELinux on a debian-based build.

> If compiled, which configure need to be set to enable SELinux driver for
> libvirt?

Configure probes for things and makes reasonable defaults; but if you
want to enforce the issue, then use './configure --with-selinux=yes
--with-secdriver-selinux=yes' to make configure forcefully error out if
the dependencies aren't met, rather than silently omitting the dependency.

-- 
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 539 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20140821/fc35161c/attachment.sig>