If you invoke virDomainLxcEnterSecurityLabel() on security model of "none" it will report an error. Logically a "none" security model should be treated as a no-op, so we should just return success immediately, instead of an error. Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com&gt; --- src/libvirt-lxc.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libvirt-lxc.c b/src/libvirt-lxc.c index 16e08e9..c487ece 100644 --- a/src/libvirt-lxc.c +++ b/src/libvirt-lxc.c @@ -257,6 +257,8 @@ virDomainLxcEnterSecurityLabel(virSecurityModelPtr model, _("Support for AppArmor is not enabled")); goto error; #endif + } else if (STREQ(model->model, "none")) { + /* nothing todo */ } else { virReportError(VIR_ERR_ARGUMENT_UNSUPPORTED, _("Security model %s cannot be entered"), -- 2.7.4