[libvirt-users] Unable to find security driver for label selinux
Hi experts, I want to have a test on security driver for libvirt lxc on my debian system. What I do is as the following steps: 1) download the source code from git://libvirt.org/libvirt.git 2) compile and install with the source code as following: ./autogen.sh --system ./configure --with-selinux=yes --with-secdriver-selinux=yes make -j8 & make install root@debian:~/github/libvirt.git/tools# ./virsh --version=long Virsh command line tool of libvirt 1.2.8 See web site at http://libvirt.org/ Compiled with support for: Hypervisors: QEMU/KVM LXC UML OpenVZ VMWare VirtualBox Test Networking: Remote Network Bridging Interface udev Nwfilter VirtualPort Storage: Dir Filesystem SCSI Multipath LVM Miscellaneous: Daemon Nodedev SELinux Secrets Debug Modular 3) then I define a lxc vm with the seclabel : root@debian:~/images# vir dumpxml lxc <domain type='lxc'> <name>lxc</name> <uuid>b1b787a1-d20e-48bd-938b-16ba61d22405</uuid> <memory unit='KiB'>419404</memory> <currentMemory unit='KiB'>419404</currentMemory> <vcpu placement='static'>1</vcpu> <resource> <partition>/machine</partition> </resource> <os> <type arch='x86_64'>exe</type> <init>/sbin/init</init> <cmdline>console=tty0 console=ttyS0</cmdline> </os> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <devices> <emulator>/usr/local/libexec/libvirt_lxc</emulator> <filesystem type='mount' accessmode='passthrough'> <source dir='/tmp/rootfs'/> <target dir='/'/> </filesystem> <console type='pty'> <target type='lxc' port='0'/> </console> </devices> <seclabel type='dynamic' relabel='yes'/> </domain 4) When I start the vm, It output an error: root@debian:~/images# vir start lxc error: Failed to start domain lxc error: unsupported configuration: Unable to find security driver for label selinux What's the problem? Really appreciate for any help. -- ------------ Jackie Best Regards
On 29.08.2014 04:03, Qiang Guan wrote:
Hi experts,
I want to have a test on security driver for libvirt lxc on my debian system. What I do is as the following steps: 1) download the source code from git://libvirt.org/libvirt.git 2) compile and install with the source code as following: ./autogen.sh --system ./configure --with-selinux=yes --with-secdriver-selinux=yes make -j8 & make install
root@debian:~/github/libvirt.git/tools# ./virsh --version=long Virsh command line tool of libvirt 1.2.8 See web site at http://libvirt.org/ Compiled with support for: Hypervisors: QEMU/KVM LXC UML OpenVZ VMWare VirtualBox Test Networking: Remote Network Bridging Interface udev Nwfilter VirtualPort Storage: Dir Filesystem SCSI Multipath LVM Miscellaneous: Daemon Nodedev SELinux Secrets Debug Modular
3) then I define a lxc vm with the seclabel : root@debian:~/images# vir dumpxml lxc <domain type='lxc'> <name>lxc</name> <uuid>b1b787a1-d20e-48bd-938b-16ba61d22405</uuid> <memory unit='KiB'>419404</memory> <currentMemory unit='KiB'>419404</currentMemory> <vcpu placement='static'>1</vcpu> <resource> <partition>/machine</partition> </resource> <os> <type arch='x86_64'>exe</type> <init>/sbin/init</init> <cmdline>console=tty0 console=ttyS0</cmdline> </os> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <devices> <emulator>/usr/local/libexec/libvirt_lxc</emulator> <filesystem type='mount' accessmode='passthrough'> <source dir='/tmp/rootfs'/> <target dir='/'/> </filesystem> <console type='pty'> <target type='lxc' port='0'/> </console> </devices> <seclabel type='dynamic' relabel='yes'/> </domain
4) When I start the vm, It output an error: root@debian:~/images# vir start lxc error: Failed to start domain lxc error: unsupported configuration: Unable to find security driver for label selinux
What's the problem?
While you probably have selinux libraries installed, you're not running selinux enabled kernel. That's why selinux driver is disabled and the domain won't start. Michal
participants (2)
-
Michal Privoznik -
Qiang Guan