[libvirt-users] libvirt-sandbox question.

Christopher Stone chris at sombrio.com
Wed Jan 29 14:59:30 UTC 2014 

I hope this question isn't considered too off topic for this list, I am
trying to reach the libvirt-sandbox developers, but I could not find a
libvirt-sandbox specific mailing list, and it seemed to me that
libvirt-sandbox was a part of libvirt itself.

I am trying to port libvirt-sandbox to run on a CentOS 6.5 system. This
wasn't too hard but, I had to do the following:

I have used the CentOS repo addon ElRepo to upgrade the kernel to 3.10.28.
CentOS normally runs a 2.6.32 kernel.

I upgraded glib2 from 2.36 to 2.38.2. I did this by building 2.38.2 from
source and installing it into /usr/local. Thus, the 2.36 version still
exists in /lib64 and the normal CentOS applications use this version.

I built libvirt 1.2.1 from source and installed it into /usr/local. I used:
     ./configure --with-lxc --with-selinux --with-secdriver-selinux
--prefix=/usr/local

I built libvirt-glib 0.1.7 from source and installed it into /usr/local. I
used:
    PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure --prefix=/usr/local

I build libvirt-sandbox 0.5.1 from source and installed it into /usr/local.
I used:
    PKG_CONFIG_PATH=/usr/local/lib/pkgconfig ./configure

As a test, I am able to run the libvirt lxc helloworld example:

[root at scwnet1 lxc_helloworld]# virsh -c lxc:/// define helloworld.xml
Domain helloworld defined from helloworld.xml

[root at scwnet1 lxc_helloworld]# virsh -c lxc:/// start helloworld
Domain helloworld started

[root at scwnet1 lxc_helloworld]# virsh -c lxc:/// list
 Id    Name                           State
----------------------------------------------------
 9819  helloworld                     running

[root at scwnet1 lxc_helloworld]# virsh -c lxc:/// console helloworld
Connected to domain helloworld
Escape character is ^]
sh-4.1# exit
exit


Next, I try to use libvirt-sandbox, and I get the following error:
[root at scwnet1 tests]# /usr/local/bin/virt-sandbox -c lxc:/// /bin/sh
Unable to start sandbox: Failed to create domain: unsupported
configuration: Unable to find security driver for label selinux


My libvirt config.log shows the SELinux security driver as yes:
configure:71172: Configuration summary
configure:71174: =====================
configure:71176:
configure:71178: Drivers
configure:71180:
configure:71182:       Xen: no
configure:71184:      QEMU: yes
configure:71186:       UML: yes
configure:71188:    OpenVZ: yes
configure:71190:    VMware: yes
configure:71192:      VBox: yes
configure:71194:    XenAPI: no
configure:71196:  xenlight: no
configure:71198:       LXC: yes
configure:71200:      PHYP: no
configure:71202:       ESX: yes
configure:71204:   Hyper-V: no
configure:71206: Parallels: yes
configure:71208:      Test: yes
configure:71210:    Remote: yes
configure:71212:   Network: yes
configure:71214:  Libvirtd: yes
configure:71216: Interface: yes
configure:71218:   macvtap: yes
configure:71220:  virtport: yes
configure:71222:
configure:71224: Storage Drivers
configure:71226:
configure:71228:      Dir: yes
configure:71230:       FS: yes
configure:71232:    NetFS: yes
configure:71234:      LVM: yes
configure:71236:    iSCSI: yes
configure:71238:     SCSI: yes
configure:71240:    mpath: yes
configure:71242:     Disk: yes
configure:71244:      RBD: no
configure:71246: Sheepdog: no
configure:71248:  Gluster: no
configure:71250:
configure:71252: Security Drivers
configure:71254:
configure:71256:  SELinux: yes (/sys/fs/selinux)
configure:71258: AppArmor: no (install profiles: no)
configure:71260:
configure:71262: Driver Loadable Modules
configure:71264:
configure:71267:   dlopen:  -ldl
configure:71273:
configure:71275: Libraries
configure:71277:
configure:71296:   apparmor: no
configure:71326:       attr: yes (CFLAGS='' LIBS='-lattr')
configure:71356:      audit: yes (CFLAGS='' LIBS='-laudit')
configure:71386:      avahi: yes (CFLAGS='-D_REENTRANT  '
LIBS='-lavahi-common -lavahi-client  ')
configure:71416:      blkid: yes (CFLAGS='-I/usr/include/blkid
-I/usr/include/uuid  ' LIBS='-lblkid  ')
configure:71446:      capng: yes (CFLAGS='' LIBS='-lcap-ng')
configure:71476:       curl: yes (CFLAGS='-DCURL_DISABLE_TYPECHECK  '
LIBS='-lcurl  ')
configure:71506:       dbus: no
configure:71536:       fuse: no
configure:71566:  glusterfs: no
configure:71596:        hal: no
configure:71626:      netcf: yes (CFLAGS=' ' LIBS='-lnetcf  ')
configure:71656:    numactl: yes (CFLAGS='' LIBS='-lnuma')
configure:71686:  openwsman: no
configure:71716:  pciaccess: yes (CFLAGS=' ' LIBS='-lpciaccess  ')
configure:71746:   readline: yes (CFLAGS='' LIBS='-lreadline')
configure:71776:    sanlock: yes (CFLAGS='' LIBS='-lsanlock_client')
configure:71806:       sasl: yes (CFLAGS='' LIBS='-lsasl2')
configure:71836:    selinux: yes (CFLAGS='' LIBS='-lselinux')
configure:71866:       ssh2: no
configure:71897:       udev: yes (CFLAGS=' ' LIBS='-ludev  ')
configure:71927:       yajl: yes (CFLAGS='' LIBS='-lyajl')
configure:71940:   libxml: -I/usr/include/libxml2   -lxml2
configure:71942:   dlopen: -ldl
configure:71948: openwsman: no
configure:71952:   gnutls:   -DGCRYPT_NO_DEPRECATED -lgnutls   -lgcrypt
configure:71958: firewalld: no
configure:71965:   polkit: /usr/bin/pkcheck (version 1)
configure:71976:      xen: no
configure:71983:   xenapi: no
configure:71990: xenlight: no
configure:71994:     pcap:  -lpcap
configure:72001:       nl:   -lnl
configure:72011:    mscom: no
configure:72015:      xdr:
configure:72025:      rbd: no
configure:72029:
configure:72031: Test suite
configure:72033:
configure:72035:    Coverage: no
configure:72037:   Alloc OOM: no
configure:72039:
configure:72041: Miscellaneous
configure:72043:
configure:72045:             Debug: yes
configure:72047:       Use -Werror: no



My libvirt capabilites shows this:
[root at scwnet1 tests]# virsh -c lxc:/// capabilities
<capabilities>

  <host>
    <uuid>20b4e77c-3fb8-dc11-968d-c8600070189e</uuid>
    <cpu>
      <arch>x86_64</arch>
    </cpu>
    <power_management>
      <suspend_mem/>
      <suspend_disk/>
    </power_management>
    <topology>
      <cells num='1'>
        <cell id='0'>
          <memory unit='KiB'>8334880</memory>
          <cpus num='4'>
            <cpu id='0' socket_id='0' core_id='0' siblings='0-1'/>
            <cpu id='1' socket_id='0' core_id='1' siblings='0-1'/>
            <cpu id='2' socket_id='0' core_id='2' siblings='2-3'/>
            <cpu id='3' socket_id='0' core_id='3' siblings='2-3'/>
          </cpus>
        </cell>
      </cells>
    </topology>
    <secmodel>
      <model>none</model>
      <doi>0</doi>
    </secmodel>
  </host>

  <guest>
    <os_type>exe</os_type>
    <arch name='x86_64'>
      <wordsize>64</wordsize>
      <emulator>/usr/local/libexec/libvirt_lxc</emulator>
      <domain type='lxc'>
      </domain>
    </arch>
  </guest>

  <guest>
    <os_type>exe</os_type>
    <arch name='i686'>
      <wordsize>32</wordsize>
      <emulator>/usr/local/libexec/libvirt_lxc</emulator>
      <domain type='lxc'>
      </domain>
    </arch>
  </guest>

</capabilities>



I am not sure if secmodel none is the problem.

Can someone give me some direction on how to fix this?

Cheers,
    Chris.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20140129/dd74b525/attachment.htm>

More information about the libvirt-users mailing list