On 01/14/2014 10:32 AM, Michal Privoznik wrote:
On 13.01.2014 19:27, Ivan Gooten wrote:
> On 01/13/2014 04:50 PM, Michal Privoznik wrote:
>> On 13.01.2014 16:10, Ivan Gooten wrote:
>>> hi,
>>>
>>> recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even
>>> if selinux sec driver is enabled on the configure stage, the driver is
>>> not finally created. these configure parameters are:
>>>
>>> --with-selinux
>>> --with-secdriver-selinux
>>> --with-selinux-mount=/sys/fs/selinux
>>>
>>> the /sys/fs/selinux is valid, selinux is running in permissive mode, got
>>> also libselinux DEV package installed, so no missing req. headers here.
>>>
>>> when trying to run libvirtd, i'm getting:
>>>
>>> error : virSecurityDriverLookup:78 : unsupported configuration: Security
>>> driver selinux not enabled
>>> error : lxcSecurityInit:1461 : Failed to initialise security drivers
>>> error : virStateInitialize:854 : Initialisation of LXC state driver
>>> failed: unsupported configuration: Security driver selinux not enabled
>>> error : daemonRunStateInit:909 : Driver state initialisation failed
>>>
>>> someone got any clue what may be causing this?
>>>
>>> thanks,
>>> ivan gooten
>>>
>> Are you sure selinux is enabled? Not enforcing, just enabled.
>>
>> Michal
>>
> hi,
>
> thank Michal and Daniel for your answers.
>
> so here i provide the configure summary:
>
> http://pastebin.com/un0UnFCP

Has your configure found HAVE_SELINUX_LXC_CONTEXTS_PATH?

grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h

Moreover, does /etc/selinux/targeted/contexts/lxc_contexts exist on your
system (the path may however change - I took it from my RHEL machine)?

Michal

hi,

$ grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h
#define HAVE_SELINUX_LXC_CONTEXTS_PATH 1

unfortunately there is no "lxc_contexts" file, but i've grepped
/etc/selinux for lxc's, maybe that will be helpful:

$ grep -iR lxc .
Binary file ./default/policy/policy.29 matches
./default/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0
./default/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./default/modules/active/policy.kern matches
./default/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./default/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./default/contexts/files/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./default/contexts/files/file_contexts.bin matches
Binary file ./mls/policy/policy.29 matches
Binary file ./mls/modules/active/modules/courier.pp matches
Binary file ./mls/modules/active/modules/nut.pp matches
Binary file ./mls/modules/active/modules/init.pp matches
./mls/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0
./mls/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./mls/modules/active/policy.kern matches
./mls/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./mls/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)? system_u:object_r:virtd_lxc_var_run_t:s0
./mls/contexts/files/file_contexts:/usr/libexec/libvirt_lxc -- system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./mls/contexts/files/file_contexts.bin matches

ivan
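
The two checks asked for in this thread (the config.h macro and the presence of lxc_contexts), collected into one script as an added example that is not part of the original messages or of libvirt. The function names and the ROOT prefix argument are hypothetical; the layout /etc/selinux/<SELINUXTYPE>/contexts/lxc_contexts is assumed from the path quoted above, with SELINUXTYPE read from /etc/selinux/config.

```shell
#!/bin/sh
# Added example: build-time and runtime checks for the LXC SELinux contexts file.
# ROOT is a filesystem prefix (assumption, "" for the live system) so the
# checks can also be pointed at an unpacked image or a test tree.

# Print the active policy name (SELINUXTYPE) from ROOT/etc/selinux/config.
selinux_policy_type() {
    sed -n 's/^SELINUXTYPE=[[:space:]]*\([^[:space:]#]*\).*/\1/p' \
        "$1/etc/selinux/config" 2>/dev/null | tail -n 1
}

# Succeed if the given config.h defines HAVE_SELINUX_LXC_CONTEXTS_PATH to 1.
have_lxc_contexts_macro() {
    grep -Eq '^#define[[:space:]]+HAVE_SELINUX_LXC_CONTEXTS_PATH[[:space:]]+1' "$1"
}

# Print every installed policy (one per line) that has a contexts/ directory
# but no contexts/lxc_contexts file.
policies_missing_lxc_contexts() {
    for dir in "$1"/etc/selinux/*/; do
        [ -d "${dir}contexts" ] || continue
        [ -f "${dir}contexts/lxc_contexts" ] || basename "$dir"
    done
}

# usage: check_lxc_selinux ROOT CONFIG_H
# Returns 0 only if the macro is defined and the active policy ships the file.
check_lxc_selinux() {
    root=$1; config_h=$2; rc=0
    if have_lxc_contexts_macro "$config_h"; then
        echo "build: HAVE_SELINUX_LXC_CONTEXTS_PATH is defined"
    else
        echo "build: HAVE_SELINUX_LXC_CONTEXTS_PATH is not defined"; rc=1
    fi
    policy=$(selinux_policy_type "$root")
    if [ -n "$policy" ] && [ -f "$root/etc/selinux/$policy/contexts/lxc_contexts" ]; then
        echo "runtime: lxc_contexts present for policy '$policy'"
    else
        echo "runtime: no lxc_contexts for active policy '${policy:-unknown}'"; rc=1
    fi
    return $rc
}

# Example invocation on a live system, from the libvirt build directory:
#   check_lxc_selinux "" ./config.h
```

On a tree like the one grepped above, with `default` and `mls` policies and no lxc_contexts in either, `policies_missing_lxc_contexts` lists both.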