Re: [libvirt] Release of libvirt-0.10.0
It's not anything special; domain without any <seclabel>:
http://pastebin.com/jzkAkubi
and of course, the default config in qemu.conf. That is all .*security.*
knobs commented out. And I don't build with selinux on my system (don't
even have selinux headers).
[explicitly CC'ing Peter who took a deeper look and might provide more info]
On 29.08.2012 23:02, Marcelo Cerri wrote:
Can you send me foo's XML? I can't reproduce this error and
I'd like to
check it.
There's a good chance that the last two Peter's patches fix that:
commit eb8e9b6027512edf2c93343f430e7e6429af0ff5
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Wed Aug 29 14:19:39 2012 +0200
qemu: Refactor initialisation of security drivers.
The security driver loading code in qemu has a flaw that causes it to
register the DAC security driver twice. This causes problems (machines
unable to start) as the two DAC drivers clash together.
This patch refactors the code to allow loading the DAC driver even if
its specified in configuration (it can't be registered as a common
security driver), and does not add the driver twice.
commit ba150e5504d81b24c81556d9be2ab4d3a4904a56
Author: Peter Krempa <pkrempa(a)redhat.com>
Date: Wed Aug 29 14:29:43 2012 +0200
Revert "security: Add DAC to security_drivers"
This reverts commit 9f9b7b85c9b422e8f4e813f3920bf8f433246a4a.
The DAC security driver needs special handling and extra parameters and
can't just be added to regular security drivers.
On 08/29/2012 05:19 PM, Guido Günther wrote:
> On Wed, Aug 29, 2012 at 11:24:08AM +0200, Michal Privoznik wrote:
>> On 29.08.2012 09:15, Guido Günther wrote:
>>> On Wed, Aug 29, 2012 at 01:26:54PM +0800, Daniel Veillard wrote:
>>>> As planned, I tagged the release this morning and pushed the builds
>>>> at the usual place:
>>>> ftp://libvirt.org/libvirt/
>>>
>>> With this (also with 0.10.0rc2) kvm domains won't start giving:
>>>
>>> $ virsh start foo
>>> error: Failed to start domain foo
>>> error: internal error security image label already defined for VM
>>>
>>> We have selinux disabled (--without-selinux). I didn't have a chance to
>>> have a closer look (and possibly won't be for the next days) but I at
>>> least wanted to report this here.
>>> Cheers,
>>> -- Guido
>>
>> Running a git-bisect shows it's me who broke it:
>>
>> commit 9f9b7b85c9b422e8f4e813f3920bf8f433246a4a
>> Author: Michal Privoznik <mprivozn(a)redhat.com>
>> AuthorDate: Fri Aug 24 12:36:03 2012 +0200
>> Commit: Michal Privoznik <mprivozn(a)redhat.com>
>> CommitDate: Fri Aug 24 17:19:25 2012 +0200
>>
>> security: Add DAC to security_drivers
>>
>> Currently, if users set 'security_driver="dac"' in
qemu.conf
>> libvirtd
>> fails to initialize as DAC driver is not found because it is
>> missing
>> in our security drivers array.
>
> That helps. Thanks!
>
>>
>> However, yesterday I was trying current HEAD (I mean current at that
>> time) and it worked.
>
> Any idea which commit fixed it?
> Cheers,
> -- Guido
>
>> The quick fix is to set security_driver="none" in qemu.conf.
>>
>> Michal
>>
>
> --
> libvir-list mailing list
> libvir-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>