[libvirt-users] Unable to find security driver for label selinux
Michal Privoznik
mprivozn at redhat.com
Fri Sep 5 13:44:49 UTC 2014
On 29.08.2014 04:03, Qiang Guan wrote:
> Hi experts,
>
> I want to have a test on security driver for libvirt lxc on my debian
> system.
> What I do is as the following steps:
> 1) download the source code from git://libvirt.org/libvirt.git
> 2) compile and install with the source code as following:
> ./autogen.sh --system
> ./configure --with-selinux=yes --with-secdriver-selinux=yes
> make -j8 & make install
>
> root at debian:~/github/libvirt.git/tools# ./virsh --version=long
> Virsh command line tool of libvirt 1.2.8
> See web site at http://libvirt.org/
> Compiled with support for:
> Hypervisors: QEMU/KVM LXC UML OpenVZ VMWare VirtualBox Test
> Networking: Remote Network Bridging Interface udev Nwfilter VirtualPort
> Storage: Dir Filesystem SCSI Multipath LVM
> Miscellaneous: Daemon Nodedev SELinux Secrets Debug Modular
>
> 3) then I define a lxc vm with the seclabel :
> root at debian:~/images# vir dumpxml lxc
> <domain type='lxc'>
> <name>lxc</name>
> <uuid>b1b787a1-d20e-48bd-938b-16ba61d22405</uuid>
> <memory unit='KiB'>419404</memory>
> <currentMemory unit='KiB'>419404</currentMemory>
> <vcpu placement='static'>1</vcpu>
> <resource>
> <partition>/machine</partition>
> </resource>
> <os>
> <type arch='x86_64'>exe</type>
> <init>/sbin/init</init>
> <cmdline>console=tty0 console=ttyS0</cmdline>
> </os>
> <clock offset='utc'/>
> <on_poweroff>destroy</on_poweroff>
> <on_reboot>restart</on_reboot>
> <on_crash>destroy</on_crash>
> <devices>
> <emulator>/usr/local/libexec/libvirt_lxc</emulator>
> <filesystem type='mount' accessmode='passthrough'>
> <source dir='/tmp/rootfs'/>
> <target dir='/'/>
> </filesystem>
> <console type='pty'>
> <target type='lxc' port='0'/>
> </console>
> </devices>
> <seclabel type='dynamic' relabel='yes'/>
> </domain
>
> 4) When I start the vm, It output an error:
> root at debian:~/images# vir start lxc
> error: Failed to start domain lxc
> error: unsupported configuration: Unable to find security driver for
> label selinux
>
> What's the problem?
While you probably have selinux libraries installed, you're not running
selinux enabled kernel. That's why selinux driver is disabled and the
domain won't start.
Michal
More information about the libvirt-users
mailing list