On 05/26/2013 08:56 PM, yue wrote:
[please don't top-post on technical lists]
hi.
my environment: centos 6.3, qemu 1.5(source code build), libvirt
libvirt-0.10.2-18.el6_4.2.x86_64.selinux enforce .
It's best to use the entire stack from your distro, or to self-build the
entire stack. Mixing newer qemu with older libvirt might have
unexpected consequences, and since you are using CentOS, you have no one
to blame but yourself. We are unable to help you here unless you can
reproduce the problem with the latest libvirt.
i have 2 questions
1.snapshot. permisson deny.
dumpxml:
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c33,c172</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c33,c172</imagelabel>
</seclabel>
command line:
[root@ovirtdev images]# ls -lZ
-rw-r--r--. qemu qemu system_u:object_r:virt_image_t:s0 test.qcow2
image does not have the same MLS?
it does not seem like a selinux problem, because selinix does not record this deny.
There have been bug fixes in upstream libvirt related to permissions on
snapshot creation, although it's hard to say whether all of those have
been backported into the downstream version of libvirt that you are using.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org