On 01/14/2014 10:32 AM, Michal Privoznik wrote:
On 13.01.2014 19:27, Ivan Gooten wrote:
On 01/13/2014 04:50 PM, Michal Privoznik wrote:
On 13.01.2014 16:10, Ivan Gooten wrote:
hi,
recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even if selinux sec driver is enabled on the configure stage, the driver is not finally created. these configure parameters are:
--with-selinux --with-secdriver-selinux --with-selinux-mount=/sys/fs/selinux
the /sys/fs/selinux is valid, selinux is running in permissive mode, got also libselinux DEV package installed, so no missing req. headers here.
when trying to run libvirtd, i'm getting:
error : virSecurityDriverLookup:78 : unsupported configuration: Security driver selinux not enabled error : lxcSecurityInit:1461 : Failed to initialise security drivers error : virStateInitialize:854 : Initialisation of LXC state driver failed: unsupported configuration: Security driver selinux not enabled error : daemonRunStateInit:909 : Driver state initialisation failed
someone got any clue what may be causing this?
thanks, ivan gooten
Are you sure selinux is enabled? Not enforcing, just enabled.
Michal
hi,
thank Michal and Daniel for your answers.
so here i provide the configure summary: http://pastebin.com/un0UnFCP Have your configure found HAVE_SELINUX_LXC_CONTEXTS_PATH?
grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h
Moreover, does /etc/selinux/targeted/contexts/lxc_contexts exist on your system (the path may however change - I took it from my RHEL machine)?
Michal
hi, $ grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h #define HAVE_SELINUX_LXC_CONTEXTS_PATH 1 unfortunately there is no "lxc_contexts" file, but i've grepped /etc/selinux for lxc's, mayby that will be helpfull: $ grep -iR lxc . Binary file ./default/policy/policy.29 matches ./default/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/modules/active/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 ./default/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 Binary file ./default/modules/active/policy.kern matches ./default/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./default/contexts/files/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 Binary file ./default/contexts/files/file_contexts.bin matches Binary file ./mls/policy/policy.29 matches Binary file ./mls/modules/active/modules/courier.pp matches Binary file ./mls/modules/active/modules/nut.pp matches Binary file ./mls/modules/active/modules/init.pp matches ./mls/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/modules/active/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 ./mls/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 Binary file ./mls/modules/active/policy.kern matches ./mls/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0 ./mls/contexts/files/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0 Binary file ./mls/contexts/files/file_contexts.bin matches ivan