[libvirt-users] libvirt on armhf with selinux driver

Ivan Gooten ivanogot at gmail.com
Tue Jan 14 17:54:52 UTC 2014


On 01/14/2014 10:32 AM, Michal Privoznik wrote:
> On 13.01.2014 19:27, Ivan Gooten wrote:
>> On 01/13/2014 04:50 PM, Michal Privoznik wrote:
>>> On 13.01.2014 16:10, Ivan Gooten wrote:
>>>> hi,
>>>>
>>>> recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even
>>>> if selinux sec driver is enabled on the configure stage, the driver is
>>>> not finally created. these configure parameters are:
>>>>
>>>> --with-selinux
>>>> --with-secdriver-selinux
>>>> --with-selinux-mount=/sys/fs/selinux
>>>>
>>>> the /sys/fs/selinux is valid, selinux is running in permissive mode, got
>>>> also libselinux DEV package installed, so no missing req. headers here.
>>>>
>>>> when trying to run libvirtd, i'm getting:
>>>>
>>>> error : virSecurityDriverLookup:78 : unsupported configuration: Security
>>>> driver selinux not enabled
>>>> error : lxcSecurityInit:1461 : Failed to initialise security drivers
>>>> error : virStateInitialize:854 : Initialisation of LXC state driver
>>>> failed: unsupported configuration: Security driver selinux not enabled
>>>> error : daemonRunStateInit:909 : Driver state initialisation failed
>>>>
>>>> someone got any clue what may be causing this?
>>>>
>>>> thanks,
>>>> ivan gooten
>>>>
>>> Are you sure selinux is enabled? Not enforcing, just enabled.
>>>
>>> Michal
>>>
>> hi,
>>
>> thanks Michal and Daniel for your answers.
>>
>> so here i provide the configure summary:
>> http://pastebin.com/un0UnFCP
> Has your configure found HAVE_SELINUX_LXC_CONTEXTS_PATH?
>
> grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h
>
> Moreover, does /etc/selinux/targeted/contexts/lxc_contexts exist on your
> system (the path may however change - I took it from my RHEL machine)?
>
> Michal

hi,

$ grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h
#define HAVE_SELINUX_LXC_CONTEXTS_PATH 1

unfortunately there is no "lxc_contexts" file, but i've grepped
/etc/selinux for lxc's, maybe that will be helpful:

$ grep -iR lxc .
Binary file ./default/policy/policy.29 matches
./default/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts:/usr/libexec/libvirt_lxc    --    system_u:object_r:virtd_lxc_exec_t:s0
./default/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc    --    system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./default/modules/active/policy.kern matches
./default/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./default/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./default/contexts/files/file_contexts:/usr/libexec/libvirt_lxc    --    system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./default/contexts/files/file_contexts.bin matches
Binary file ./mls/policy/policy.29 matches
Binary file ./mls/modules/active/modules/courier.pp matches
Binary file ./mls/modules/active/modules/nut.pp matches
Binary file ./mls/modules/active/modules/init.pp matches
./mls/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts:/usr/libexec/libvirt_lxc    --    system_u:object_r:virtd_lxc_exec_t:s0
./mls/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc    --    system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./mls/modules/active/policy.kern matches
./mls/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./mls/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)?    system_u:object_r:virtd_lxc_var_run_t:s0
./mls/contexts/files/file_contexts:/usr/libexec/libvirt_lxc    --    system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./mls/contexts/files/file_contexts.bin matches

ivan
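
Added example (not part of the original thread and not libvirt code): the two checks Michal suggests, run against the policy directory that SELINUXTYPE in /etc/selinux/config selects, since this host carries "default" and "mls" policies rather than "targeted". The function names are hypothetical; the script assumes /etc/selinux/config holds a SELINUXTYPE= line and defaults to /etc/selinux and ./config.h.

```shell
#!/bin/sh
# Added example. Usage: check_selinux_lxc [SELINUX_ROOT] [CONFIG_H]

# Print the policy name from SELINUXTYPE= in <root>/config (empty if unset).
selinux_policy_type() {
    sed -n 's/^[[:space:]]*SELINUXTYPE[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$1/config" 2>/dev/null | tail -n 1
}

# Succeed if config.h defines HAVE_SELINUX_LXC_CONTEXTS_PATH to 1.
have_lxc_contexts_define() {
    grep -Eq '^#define[[:space:]]+HAVE_SELINUX_LXC_CONTEXTS_PATH[[:space:]]+1' \
        "$1" 2>/dev/null
}

# List every policy directory under <root> that ships contexts/lxc_contexts.
policies_with_lxc_contexts() {
    for f in "$1"/*/contexts/lxc_contexts; do
        [ -f "$f" ] || continue
        p=${f%/contexts/lxc_contexts}
        echo "${p##*/}"
    done
}

# Return 0 = both checks pass, 1 = define missing from config.h,
#        2 = no SELINUXTYPE found, 3 = lxc_contexts missing for that policy.
check_selinux_lxc() {
    root=${1:-/etc/selinux}
    cfg=${2:-config.h}
    have_lxc_contexts_define "$cfg" || {
        echo "build: HAVE_SELINUX_LXC_CONTEXTS_PATH not set in $cfg"; return 1; }
    ptype=$(selinux_policy_type "$root")
    [ -n "$ptype" ] || { echo "no SELINUXTYPE in $root/config"; return 2; }
    if [ -f "$root/$ptype/contexts/lxc_contexts" ]; then
        echo "ok: $root/$ptype/contexts/lxc_contexts"
        return 0
    fi
    echo "missing: $root/$ptype/contexts/lxc_contexts"
    echo "policies that ship it: $(policies_with_lxc_contexts "$root" | tr '\n' ' ')"
    return 3
}
```

Run check_selinux_lxc from the libvirt build directory so that config.h resolves; status 3 corresponds to the situation reported above (define present, no lxc_contexts for the active policy).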



