
On 2014-08-21 20:58, Eric Blake wrote:
> On 08/21/2014 01:38 AM, Qiang Guan wrote:
>> Hi guys,
>> It seems libvirt disables the SELinux driver by default.
>
> You need to provide more details to substantiate your claim. What platform are you running on, and what version of libvirt? Did you build it yourself or are you using the pre-built distro version?
>
> Fedora-based distributions (and that includes RHEL and CentOS) ship the distro version with SELinux support ON by default. However, actually using SELinux when the support is present depends on your /etc/libvirt/*.conf settings: qemu.conf uses SELinux by default, while lxc.conf has to be manually tweaked to turn on the use of SELinux (that's because proper labeling for an LXC container is a lot more involved). That said, the conf files only give defaults, and it is still possible to do per-domain use of SELinux (the virt-sandbox app is one that always tries to use SELinux labeling when creating LXC guests, regardless of the *.conf defaults).
>
>> How to enable the SELinux driver for libvirt?
>
> If you self-compiled, make sure you had the right devel libraries present to ensure the SELinux support is compiled in. If you are using a distro, you may want to file a support ticket with your distro provider.

Hi Eric, thanks for the help.

I'm using Ubuntu 14.04 with libvirt version 1.2.2 from the Ubuntu trusty source. I want to use SELinux labeling with dynamic type for my LXC, which is started by the libvirt API. I don't know whether SELinux support is compiled into the Ubuntu release. How can I recognize whether SELinux is compiled into the libvirt of a release version? If it is compiled in, which configuration needs to be set to enable the SELinux driver for libvirt?

--
------------
Jackie
Best Regards
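
An added example, not part of the original thread: two shell helpers for checking what the reply describes, namely the default in a driver config file such as /etc/libvirt/lxc.conf and the security model the running daemon reports. The `security_driver` key and the `<secmodel>` element of `virsh capabilities` are libvirt's own but are not named in the thread; the function names are hypothetical.

```shell
#!/bin/sh
# Print the security_driver value(s) actually set in a libvirt driver config
# file, or "unset" when the key is absent or only present as a comment.
# A list such as [ "selinux", "apparmor" ] is printed as selinux,apparmor.
security_driver_setting() {
    conf=$1
    # Take the last uncommented assignment, then strip brackets, quotes, spaces.
    val=$(sed -n 's/^[[:space:]]*security_driver[[:space:]]*=[[:space:]]*//p' "$conf" \
          | tail -n 1 | sed 's/[]["[:space:]]//g')
    if [ -n "$val" ]; then
        printf '%s\n' "$val"
    else
        echo unset
    fi
}

# Read `virsh capabilities` XML on stdin and print each security model the
# daemon reports. Only <model> elements inside <secmodel> are considered, so
# the CPU <model> element is ignored.
secmodels_from_capabilities() {
    sed -n '/<secmodel>/,/<\/secmodel>/s/.*<model>\(.*\)<\/model>.*/\1/p'
}

# Typical use on a host (run manually):
#   security_driver_setting /etc/libvirt/lxc.conf
#   virsh -c lxc:/// capabilities | secmodels_from_capabilities
```

If the capabilities output never lists `selinux` even after the config file sets it and the daemon is restarted, the build most likely lacks SELinux support, which is the self-compiled case the reply mentions.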