9:10 a.m.
hi,
recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even
if selinux sec driver is enabled on the configure stage, the driver is
not finally created. these configure parameters are:
--with-selinux
--with-secdriver-selinux
--with-selinux-mount=/sys/fs/selinux
the /sys/fs/selinux is valid, selinux is running in permissive mode, got
also libselinux DEV package installed, so no missing req. headers here.
when trying to run libvirtd, i'm getting:
error : virSecurityDriverLookup:78 : unsupported configuration: Security
driver selinux not enabled
error : lxcSecurityInit:1461 : Failed to initialise security drivers
error : virStateInitialize:854 : Initialisation of LXC state driver
failed: unsupported configuration: Security driver selinux not enabled
error : daemonRunStateInit:909 : Driver state initialisation failed
someone got any clue what may be causing this?
thanks,
ivan gooten
9:16 a.m.
On Mon, Jan 13, 2014 at 04:10:35PM +0100, Ivan Gooten wrote:
hi,
recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even
if selinux sec driver is enabled on the configure stage, the driver is
not finally created. these configure parameters are:
--with-selinux
--with-secdriver-selinux
--with-selinux-mount=/sys/fs/selinux
the /sys/fs/selinux is valid, selinux is running in permissive mode, got
also libselinux DEV package installed, so no missing req. headers here.
when trying to run libvirtd, i'm getting:
error : virSecurityDriverLookup:78 : unsupported configuration: Security
driver selinux not enabled
error : lxcSecurityInit:1461 : Failed to initialise security drivers
error : virStateInitialize:854 : Initialisation of LXC state driver
failed: unsupported configuration: Security driver selinux not enabled
error : daemonRunStateInit:909 : Driver state initialisation failed
someone got any clue what may be causing this?
This likely means that 'configure' failed to detect selinux support.
Look for any messages it prints in this regard. At the end, it will
summarize whether it succesfully found it or not.
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
9:50 a.m.
On 13.01.2014 16:10, Ivan Gooten wrote:
hi,
recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even
if selinux sec driver is enabled on the configure stage, the driver is
not finally created. these configure parameters are:
--with-selinux
--with-secdriver-selinux
--with-selinux-mount=/sys/fs/selinux
the /sys/fs/selinux is valid, selinux is running in permissive mode, got
also libselinux DEV package installed, so no missing req. headers here.
when trying to run libvirtd, i'm getting:
error : virSecurityDriverLookup:78 : unsupported configuration: Security
driver selinux not enabled
error : lxcSecurityInit:1461 : Failed to initialise security drivers
error : virStateInitialize:854 : Initialisation of LXC state driver
failed: unsupported configuration: Security driver selinux not enabled
error : daemonRunStateInit:909 : Driver state initialisation failed
someone got any clue what may be causing this?
thanks,
ivan gooten
Are you sure selinux is enabled? Not enforcing, just enabled.
Michal
12:27 p.m.
On 01/13/2014 04:50 PM, Michal Privoznik wrote:
On 13.01.2014 16:10, Ivan Gooten wrote:
> hi,
>
> recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even
> if selinux sec driver is enabled on the configure stage, the driver is
> not finally created. these configure parameters are:
>
> --with-selinux
> --with-secdriver-selinux
> --with-selinux-mount=/sys/fs/selinux
>
> the /sys/fs/selinux is valid, selinux is running in permissive mode, got
> also libselinux DEV package installed, so no missing req. headers here.
>
> when trying to run libvirtd, i'm getting:
>
> error : virSecurityDriverLookup:78 : unsupported configuration: Security
> driver selinux not enabled
> error : lxcSecurityInit:1461 : Failed to initialise security drivers
> error : virStateInitialize:854 : Initialisation of LXC state driver
> failed: unsupported configuration: Security driver selinux not enabled
> error : daemonRunStateInit:909 : Driver state initialisation failed
>
> someone got any clue what may be causing this?
>
> thanks,
> ivan gooten
>
Are you sure selinux is enabled? Not enforcing, just enabled.
Michal
hi,
thank Michal and Daniel for your answers.
so here i provide the configure summary:
http://pastebin.com/un0UnFCP
for me it looks okay, and below is is the sestatus:
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: default
Current mode: permissive
Mode from config file: permissive
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
this is custom kernel 3.10 with debian testing a.k.a. jessie.
also, my friend with the same configuration on rpi, except for his newer
kernel, is having same stranginess.
ivan
3:32 a.m.
On 13.01.2014 19:27, Ivan Gooten wrote:
On 01/13/2014 04:50 PM, Michal Privoznik wrote:
> On 13.01.2014 16:10, Ivan Gooten wrote:
>> hi,
>>
>> recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even
>> if selinux sec driver is enabled on the configure stage, the driver is
>> not finally created. these configure parameters are:
>>
>> --with-selinux
>> --with-secdriver-selinux
>> --with-selinux-mount=/sys/fs/selinux
>>
>> the /sys/fs/selinux is valid, selinux is running in permissive mode, got
>> also libselinux DEV package installed, so no missing req. headers here.
>>
>> when trying to run libvirtd, i'm getting:
>>
>> error : virSecurityDriverLookup:78 : unsupported configuration: Security
>> driver selinux not enabled
>> error : lxcSecurityInit:1461 : Failed to initialise security drivers
>> error : virStateInitialize:854 : Initialisation of LXC state driver
>> failed: unsupported configuration: Security driver selinux not enabled
>> error : daemonRunStateInit:909 : Driver state initialisation failed
>>
>> someone got any clue what may be causing this?
>>
>> thanks,
>> ivan gooten
>>
> Are you sure selinux is enabled? Not enforcing, just enabled.
>
> Michal
>
hi,
thank Michal and Daniel for your answers.
so here i provide the configure summary:
http://pastebin.com/un0UnFCP
Have your configure found HAVE_SELINUX_LXC_CONTEXTS_PATH?
grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h
Moreover, does /etc/selinux/targeted/contexts/lxc_contexts exist on your
system (the path may however change - I took it from my RHEL machine)?
Michal
11:54 a.m.
On 01/14/2014 10:32 AM, Michal Privoznik wrote:
On 13.01.2014 19:27, Ivan Gooten wrote:
> On 01/13/2014 04:50 PM, Michal Privoznik wrote:
>> On 13.01.2014 16:10, Ivan Gooten wrote:
>>> hi,
>>>
>>> recently i've been busy with libvirt(d) v1.2.0 on armhf and i see, even
>>> if selinux sec driver is enabled on the configure stage, the driver is
>>> not finally created. these configure parameters are:
>>>
>>> --with-selinux
>>> --with-secdriver-selinux
>>> --with-selinux-mount=/sys/fs/selinux
>>>
>>> the /sys/fs/selinux is valid, selinux is running in permissive mode, got
>>> also libselinux DEV package installed, so no missing req. headers here.
>>>
>>> when trying to run libvirtd, i'm getting:
>>>
>>> error : virSecurityDriverLookup:78 : unsupported configuration: Security
>>> driver selinux not enabled
>>> error : lxcSecurityInit:1461 : Failed to initialise security drivers
>>> error : virStateInitialize:854 : Initialisation of LXC state driver
>>> failed: unsupported configuration: Security driver selinux not enabled
>>> error : daemonRunStateInit:909 : Driver state initialisation failed
>>>
>>> someone got any clue what may be causing this?
>>>
>>> thanks,
>>> ivan gooten
>>>
>> Are you sure selinux is enabled? Not enforcing, just enabled.
>>
>> Michal
>>
> hi,
>
> thank Michal and Daniel for your answers.
>
> so here i provide the configure summary:
> http://pastebin.com/un0UnFCP
Have your configure found HAVE_SELINUX_LXC_CONTEXTS_PATH?
grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h
Moreover, does /etc/selinux/targeted/contexts/lxc_contexts exist on your
system (the path may however change - I took it from my RHEL machine)?
Michal
hi,
$ grep HAVE_SELINUX_LXC_CONTEXTS_PATH config.h
#define HAVE_SELINUX_LXC_CONTEXTS_PATH 1
unfortunately there is no "lxc_contexts" file, but i've grepped
/etc/selinux for lxc's, mayby that will be helpfull:
$ grep -iR lxc .
Binary file ./default/policy/policy.29 matches
./default/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts:/usr/libexec/libvirt_lxc --
system_u:object_r:virtd_lxc_exec_t:s0
./default/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./default/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc
-- system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./default/modules/active/policy.kern matches
./default/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./default/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./default/contexts/files/file_contexts:/usr/libexec/libvirt_lxc --
system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./default/contexts/files/file_contexts.bin matches
Binary file ./mls/policy/policy.29 matches
Binary file ./mls/modules/active/modules/courier.pp matches
Binary file ./mls/modules/active/modules/nut.pp matches
Binary file ./mls/modules/active/modules/init.pp matches
./mls/modules/active/file_contexts:/var/run/libvirt/lxc(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts:/var/run/libvirt-sandbox(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts:/usr/libexec/libvirt_lxc --
system_u:object_r:virtd_lxc_exec_t:s0
./mls/modules/active/file_contexts.template:/var/run/libvirt/lxc(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts.template:/var/run/libvirt-sandbox(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./mls/modules/active/file_contexts.template:/usr/libexec/libvirt_lxc
-- system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./mls/modules/active/policy.kern matches
./mls/contexts/files/file_contexts:/var/run/libvirt/lxc(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./mls/contexts/files/file_contexts:/var/run/libvirt-sandbox(/.*)?
system_u:object_r:virtd_lxc_var_run_t:s0
./mls/contexts/files/file_contexts:/usr/libexec/libvirt_lxc --
system_u:object_r:virtd_lxc_exec_t:s0
Binary file ./mls/contexts/files/file_contexts.bin matches
ivan
3965
days inactive
3966
days old
5 comments
3 participants
participants (3)
-
Daniel P. Berrange -
Ivan Gooten -
Michal Privoznik