On Wed, Jan 29, 2014 at 09:59:30AM -0500, Christopher Stone wrote:
I hope this question isn't considered too off topic for this list, I am trying to reach the libvirt-sandbox developers, but I could not find a libvirt-sandbox specific mailing list, and it seemed to me that libvirt-sandbox was a part of libvirt itself.
Yes, libvirt-sandbox questions are welcome here http://sandbox.libvirt.org/communicate/
Next, I try to use libvirt-sandbox, and I get the following error: [root@scwnet1 tests]# /usr/local/bin/virt-sandbox -c lxc:/// /bin/sh Unable to start sandbox: Failed to create domain: unsupported configuration: Unable to find security driver for label selinux
Ok, so libvirt either hasn't compiled selinux, or has failed to activate it
configure:71252: Security Drivers configure:71254: configure:71256: SELinux: yes (/sys/fs/selinux) configure:71258: AppArmor: no (install profiles: no)
That confirms you've got basic SELinux support compiled, but it doesn't mean that's enough to enable it for LXC. We also have a check for the selinux_lxc_contexts_path function in libselinux.so
My libvirt capabilites shows this: [root@scwnet1 tests]# virsh -c lxc:/// capabilities <capabilities> <secmodel> <model>none</model> <doi>0</doi> </secmodel> </host>
</capabilities>
I am not sure if secmodel none is the problem.
Yes, that confirms that it definitely isn't available for LXC I think you'd probably need to upgrade the libselinux library and selinux policy too I'm afraid. FWIW, I've never really intended that libvirt-sandbox work on RHEL-6, since as you've discovered quite a few dependancies are too old and require updating. I've only targetted Fedora and forthcoming RHEL-7 Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|