On Fri, Mar 9, 2012 at 3:11 PM, Laine Stump <laine@laine.org> wrote:
On 03/09/2012 09:16 AM, Jiri Denemark wrote:
Hi.
static __inline__ int platform_test_xfs_fd(int fd) { struct statfs buf; if (fstatfs(fd, &buf) < 0) return 0; return (buf.f_type == 0x58465342); /* XFSB */ }
In other words, XFS detection will fail when SELinux is enabled.
I'm not familiar with libvirt's use of SELinux. Can someone explain if we need to expand the policy in libvirt and how to do that? Actually, there is no SELinux policy in libvirt. Libvirt merely uses an appropriate security context when running qemu processes. The rules what such
On Fri, Mar 09, 2012 at 11:32:47 +0000, Stefan Hajnoczi wrote: ... processes can do and what they are forbidden to do are described in SELinux policy which is provided as a separate package (or packages on some distros). So it's this policy (selinux-policy package on Fedora based distros) which would need to be expanded. Thus it should be negotiated with SELinux policy maintainers if they are willing to allow svirt_t domain calling fstatfs.
(Also, since the problem occurs on NFS, this may need to be somehow related to virt_use_nfs being turned on.)
No, this XFS situation is independent of NFS. It's another codepath in QEMU where fstatfs(2) is called, I found it this morning. Stefan