From: "Daniel P. Berrange" <berrange(a)redhat.com&gt; The virDomainGetSecurityLabel method is currently (mistakenly) showing the label of the libvirt_lxc process: ...snip... Security model: selinux Security DOI: 0 Security label: system_u:system_r:virtd_t:s0-s0:c0.c1023 (permissive) when it should be showing the init process label ...snip... Security model: selinux Security DOI: 0 Security label: system_u:system_r:svirt_t:s0:c724,c995 (permissive) --- src/lxc/lxc_driver.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 338b8eb..7791966 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1162,8 +1162,16 @@ static int lxcDomainGetSecurityLabel(virDomainPtr dom, virSecurityLabelPtr secla * LXC monitor hasn't seen SIGHUP/ERR on poll(). */ if (virDomainObjIsActive(vm)) { + virLXCDomainObjPrivatePtr priv = vm->privateData; + + if (!priv->initpid) { + virReportError(VIR_ERR_OPERATION_INVALID, "%s", + _("Init pid is not yet available")); + goto cleanup; + } + if (virSecurityManagerGetProcessLabel(driver->securityManager, - vm->def, vm->pid, seclabel) < 0) { + vm->def, priv->initpid, seclabel) < 0) { virReportError(VIR_ERR_INTERNAL_ERROR, "%s", _("Failed to get security label")); goto cleanup; -- 1.8.1.4