Qiang Guan
2014-Aug-29  02:03 UTC
[libvirt-users] Unable to find security driver for label selinux
Hi experts,

I want to have a test on security driver for libvirt lxc on my debian
system.
What I do is as the following steps:
1) download the source code from git://libvirt.org/libvirt.git
2) compile and install with the source code as following:
./autogen.sh --system
./configure --with-selinux=yes --with-secdriver-selinux=yes
make -j8 & make install

root@debian:~/github/libvirt.git/tools# ./virsh --version=long
Virsh command line tool of libvirt 1.2.8
See web site at http://libvirt.org/
Compiled with support for:
Hypervisors: QEMU/KVM LXC UML OpenVZ VMWare VirtualBox Test
Networking: Remote Network Bridging Interface udev Nwfilter VirtualPort
Storage: Dir Filesystem SCSI Multipath LVM
Miscellaneous: Daemon Nodedev SELinux Secrets Debug Modular

3) then I define a lxc vm with the seclabel :
root@debian:~/images# vir dumpxml lxc
<domain type='lxc'>
  <name>lxc</name>
  <uuid>b1b787a1-d20e-48bd-938b-16ba61d22405</uuid>
  <memory unit='KiB'>419404</memory>
  <currentMemory unit='KiB'>419404</currentMemory>
  <vcpu placement='static'>1</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
    <cmdline>console=tty0 console=ttyS0</cmdline>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/local/libexec/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/tmp/rootfs'/>
      <target dir='/'/>
    </filesystem>
    <console type='pty'>
      <target type='lxc' port='0'/>
    </console>
  </devices>
  <seclabel type='dynamic' relabel='yes'/>
</domain

4) When I start the vm, It output an error:
root@debian:~/images# vir start lxc
error: Failed to start domain lxc
error: unsupported configuration: Unable to find security driver for label selinux

What's the problem?
Really appreciate for any help.

--
------------
Jackie
Best Regards

Michal Privoznik
2014-Sep-05  13:44 UTC
Re: [libvirt-users] Unable to find security driver for label selinux
On 29.08.2014 04:03, Qiang Guan wrote:
> Hi experts,
>
> I want to have a test on security driver for libvirt lxc on my debian
> system.
> What I do is as the following steps:
> 1) download the source code from git://libvirt.org/libvirt.git
> 2) compile and install with the source code as following:
> ./autogen.sh --system
> ./configure --with-selinux=yes --with-secdriver-selinux=yes
> make -j8 & make install
>
> root@debian:~/github/libvirt.git/tools# ./virsh --version=long
> Virsh command line tool of libvirt 1.2.8
> See web site at http://libvirt.org/
> Compiled with support for:
> Hypervisors: QEMU/KVM LXC UML OpenVZ VMWare VirtualBox Test
> Networking: Remote Network Bridging Interface udev Nwfilter VirtualPort
> Storage: Dir Filesystem SCSI Multipath LVM
> Miscellaneous: Daemon Nodedev SELinux Secrets Debug Modular
>
> 3) then I define a lxc vm with the seclabel :
> root@debian:~/images# vir dumpxml lxc
> <domain type='lxc'>
>   <name>lxc</name>
>   <uuid>b1b787a1-d20e-48bd-938b-16ba61d22405</uuid>
>   <memory unit='KiB'>419404</memory>
>   <currentMemory unit='KiB'>419404</currentMemory>
>   <vcpu placement='static'>1</vcpu>
>   <resource>
>     <partition>/machine</partition>
>   </resource>
>   <os>
>     <type arch='x86_64'>exe</type>
>     <init>/sbin/init</init>
>     <cmdline>console=tty0 console=ttyS0</cmdline>
>   </os>
>   <clock offset='utc'/>
>   <on_poweroff>destroy</on_poweroff>
>   <on_reboot>restart</on_reboot>
>   <on_crash>destroy</on_crash>
>   <devices>
>     <emulator>/usr/local/libexec/libvirt_lxc</emulator>
>     <filesystem type='mount' accessmode='passthrough'>
>       <source dir='/tmp/rootfs'/>
>       <target dir='/'/>
>     </filesystem>
>     <console type='pty'>
>       <target type='lxc' port='0'/>
>     </console>
>   </devices>
>   <seclabel type='dynamic' relabel='yes'/>
> </domain
>
> 4) When I start the vm, It output an error:
> root@debian:~/images# vir start lxc
> error: Failed to start domain lxc
> error: unsupported configuration: Unable to find security driver for
> label selinux
>
> What's the problem?

While you probably have the selinux libraries installed, you're not running an selinux-enabled kernel. That's why the selinux driver is disabled and the domain won't start.

Michal
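
One way to check for the condition described in the reply above, as an added example that is not part of the original thread or libvirt's own code: it classifies the running kernel's SELinux state from /proc/filesystems and the selinuxfs mount. The function names, the state strings, the `--report` flag and the optional root-directory argument (used so the check can run against a constructed tree) are assumptions of this example.

```shell
#!/bin/sh
# Added example: classify the running kernel's SELinux state.
# The optional argument is a hypothetical root prefix for testing against
# a constructed directory tree; on a real host call it with no argument.

selinux_kernel_state() {
    root="${1:-}"
    # selinuxfs is only registered when the kernel has SELinux built in
    # and it was not disabled at boot.
    if ! grep -qw selinuxfs "$root/proc/filesystems" 2>/dev/null; then
        echo "kernel-disabled"
        return 0
    fi
    # The filesystem must also be mounted; try the current and the legacy
    # mount point.
    for mnt in "$root/sys/fs/selinux" "$root/selinux"; do
        if [ -r "$mnt/enforce" ]; then
            case "$(cat "$mnt/enforce")" in
                1) echo "enforcing" ;;
                *) echo "permissive" ;;
            esac
            return 0
        fi
    done
    echo "not-mounted"
}

# Succeeds only when the kernel state allows an SELinux security driver
# to be active, whatever the userspace libraries were compiled with.
seclabel_usable() {
    case "$(selinux_kernel_state "${1:-}")" in
        enforcing|permissive) return 0 ;;
        *) return 1 ;;
    esac
}

if [ "${1:-}" = "--report" ]; then
    echo "running kernel SELinux state: $(selinux_kernel_state)"
    seclabel_usable || echo "selinux seclabel will fail: kernel side is not active"
fi
```

A `kernel-disabled` or `not-mounted` result matches the situation in this thread: virsh reports SELinux under "Compiled with support for", yet no SELinux driver is available at run time.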