[libvirt] problems with <seclabel> when restarting libvirtd

I had libvirtd build from 0.9.2+something running on my test machine. There was a single guest running on it.

I grabbed the latest libvirt from git (0.9.3+??), built an rpm, and installed it. My guest reconnected with no problems, but I was unable to start new guests due to an selinux problem with the labeling of the image file. Interestingly, I found that I could shutdown and restart the one guest that had been running at the time of the upgrade. *Until* I restarted libvirtd again while the guest was stopped. After this point, I could no longer start that guest either.

I then set selinux to permissive mode and was able to start my original guest. Then I restarted libvirtd and found that, although the qemu-kvm process was still running, libvirtd couldn't reconnect to the guest. When I looked at the logs, I saw this:

error: virSecurityLabelDefParseXML:5073 : unsupported configuration: dynamic label type must use resource relabeling

In the domain state file, I see this:

| <seclabel type='dynamic' model='selinux' relabel='no'>
|   <label>system_u:system_r:svirt_t:s-:c419,c955</label>
| </seclabel>

The data in the state file was written by the same version of libvirtd that wrote it. So why did it write something it knows it doesn't support?

On Tue, Jul 05, 2011 at 12:34:38AM -0400, Laine Stump wrote:
> I had libvirtd build from 0.9.2+something running on my test machine. There was a single guest running on it.
>
> I grabbed the latest libvirt from git (0.9.3+??), built an rpm, and installed it. My guest reconnected with no problems, but I was unable to start new guests due to an selinux problem with the labeling of the image file. Interestingly, I found that I could shutdown and restart the one guest that had been running at the time of the upgrade. *Until* I restarted libvirtd again while the guest was stopped. After this point, I could no longer start that guest either.
>
> I then set selinux to permissive mode and was able to start my original guest. Then I restarted libvirtd and found that, although the qemu-kvm process was still running, libvirtd couldn't reconnect to the guest. When I looked at the logs, I saw this:
>
> error: virSecurityLabelDefParseXML:5073 : unsupported configuration: dynamic label type must use resource relabeling
>
> In the domain state file, I see this:
>
> | <seclabel type='dynamic' model='selinux' relabel='no'>
> |   <label>system_u:system_r:svirt_t:s-:c419,c955</label>
> | </seclabel>
>
> The data in the state file was written by the same version of libvirtd that wrote it. So why did it write something it knows it doesn't support?
It is a default value initialization mistake

http://www.redhat.com/archives/libvir-list/2011-July/msg00166.html

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
participants (2)
- Daniel P. Berrange
- Laine Stump
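An added example, not part of the original thread and not libvirt's own code: a check that scans domain state XML for the combination the logged error rejects (type='dynamic' together with relabel='no'), so affected guests can be found before libvirtd is restarted. The wrapper document around the quoted <seclabel>, the guest name and the function names are assumptions; state file paths are passed on the command line.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the <seclabel> quoted in the post, inside a minimal
# wrapper document (the wrapper elements and guest name are assumptions).
SAMPLE_STATE = """<domstatus>
  <domain type='kvm'>
    <name>guest1</name>
    <seclabel type='dynamic' model='selinux' relabel='no'>
      <label>system_u:system_r:svirt_t:s-:c419,c955</label>
    </seclabel>
  </domain>
</domstatus>
"""

def find_rejected_seclabels(xml_text):
    """Return one dict per <seclabel> pairing type='dynamic' with relabel='no'."""
    # Assumption: only an explicit relabel='no' is flagged, not a missing attribute.
    findings = []
    for sec in ET.fromstring(xml_text).iter("seclabel"):
        if sec.get("type") == "dynamic" and sec.get("relabel") == "no":
            label = (sec.findtext("label") or "").strip()
            findings.append({"model": sec.get("model"), "label": label})
    return findings

def scan_files(paths):
    """Map each readable, well-formed XML file to its findings; skip the rest."""
    report = {}
    for path in paths:
        try:
            with open(path, encoding="utf-8") as fh:
                hits = find_rejected_seclabels(fh.read())
        except (OSError, ET.ParseError) as exc:
            print(f"{path}: skipped ({exc})", file=sys.stderr)
            continue
        if hits:
            report[path] = hits
    return report

if __name__ == "__main__":
    if len(sys.argv) > 1:
        result = scan_files(sys.argv[1:])
    else:
        result = {"<sample>": find_rejected_seclabels(SAMPLE_STATE)}
    for name, hits in result.items():
        for hit in hits:
            print(f"{name}: dynamic {hit['model']} label {hit['label']} has relabel='no'")
```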