search for: security_driv

...reated by itself, so there shouldn't be relabeling failures, right? > > Either the SELinux policy needs to be changed to allow libvirtd to > relabel stuff in the normal manner, or you will have to turn off > SELinux support in libvirtd. in /etc/libvirt/qemu.conf via the > param security_driver = "none". If you turn off SELinux in > libvirt, then you no longer have separation of QEMU processes > which may be a security flaw depending on your deplyoment > scenario. > turning SELinux in libvirtd off or allowing libvirt to relabel are tempting options but it is not a...

...will look into the AppArmor issue and find out more about this. Also as per suggestion from the link i have uncommented the user and group from the qemu.conf file - https://github.com/jedi4ever/veewee/issues/996 By checking more on the AppArmor and sVirt issue , i have modified the qemu.conf for security_driver="none". The result for this is no permission error but another error which can be related to QEMU 2.3.0 virsh # blockcommit vm-01 vda --verbose --pivot --active Block Commit: [100 %]error: failed to pivot job for disk vda error: internal error: unable to execute QEMU command 'block...

...what SELinux policy libvirtd is running under. > > > > Either the SELinux policy needs to be changed to allow libvirtd to > > relabel stuff in the normal manner, or you will have to turn off > > SELinux support in libvirtd. in /etc/libvirt/qemu.conf via the > > param security_driver = "none". If you turn off SELinux in > > libvirt, then you no longer have separation of QEMU processes > > which may be a security flaw depending on your deplyoment > > scenario. > > > turning SELinux in libvirtd off or allowing libvirt to relabel are temptin...

...will look into the AppArmor issue and find out more about this. Also as per suggestion from the link i have uncommented the user and group from the qemu.conf file - https://github.com/jedi4ever/veewee/issues/996 By checking more on the AppArmor and sVirt issue , i have modified the qemu.conf for security_driver="none". The result for this is no permission error but another error which can be related to QEMU 2.3.0 virsh # blockcommit vm-01 vda --verbose --pivot --active Block Commit: [100 %]error: failed to pivot job for disk vda error: internal error: unable to execute QEMU command 'block...

...ertainly has some issues regarding the block commit as lowering the version to 2.2 resolved "active block job" issue. 2. Modified the configuration /etc/libvirt/qemu.conf - Had to modify the qemu.conf file which is under /etc/libvirt to resolve the permission denied error. - Added security_driver="none" Supportive reference : https://libvirt.org/drvqemu.html I have two question regarding this.- 1. Is there any way we can avoid modifying /etc/libvirt/qemu.conf for security driver changes and perform block commit . ? 2. Has anyone tried with Qemu 2.4 for blockcommit and relate...

Hello all, tl;dr, can you point me to the point in the libvirt repo where it's trying to change a tap-device's SELinux label? I am trying to create a tap device with libvirt on a super-privileged container, and then use it on another, unprivileged container with libvirt. User wise, I know I need the super-privileged container to open the tap device with the user of the unprivileged one -

...39;ve installed libvirt-0.9.13 on RHEL6.2 from the source code. I cannot make sVirt working with LXC. (sVirt works well with KVM, though.) I can start an LXC instance, but the label of the process is not right. Can someone help me? I tried to change /etc/libvirtd/lxc.conf file to explicitly enable security_driver = "selinux". But it ends up with error saying "error : virSecurityDriverLookup:74 : internal error Security driver selinux not found". SELinux is in a permissive mode but is not enforcing. ?The current situation is as follows: * The label of an LXC container is not properl...

...is running under. > > > > > > > Either the SELinux policy needs to be changed to allow libvirtd to > > > relabel stuff in the normal manner, or you will have to turn off > > > SELinux support in libvirtd. in /etc/libvirt/qemu.conf via the > > > param security_driver = "none". If you turn off SELinux in > > > libvirt, then you no longer have separation of QEMU processes > > > which may be a security flaw depending on your deplyoment > > > scenario. > > > > > turning SELinux in libvirtd off or allowing libvi...

..., then TAP devices label failure is just going to be one out of 100's of labelling failures. Either the SELinux policy needs to be changed to allow libvirtd to relabel stuff in the normal manner, or you will have to turn off SELinux support in libvirtd. in /etc/libvirt/qemu.conf via the param security_driver = "none". If you turn off SELinux in libvirt, then you no longer have separation of QEMU processes which may be a security flaw depending on your deplyoment scenario. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt....

...d -i -e 's/^[[:space:]]*#[[:space:]]*\(vnc_listen = "0.0.0.0"\).*/\1/' \ /etc/libvirt/qemu.conf + + # FIXME: For now, disable selinux security driver for qemu since we don't seem + # to have the right policy file for it on F10. DELETE ME FOR F11!! + echo 'security_driver = "none"' >> /etc/libvirt/qemu.conf + # set up libvirtd to listen on TCP (for kerberos) sed -i -e "s/^[[:space:]]*#[[:space:]]*\(listen_tcp\)\>.*/\1 = 1/" \ -e "s/^[[:space:]]*#[[:space:]]*\(listen_tls\)\>.*/\1 = 0/" \ -- 1.6.0.6

...ame action was done with another host running libvirt version Installed: 1.0.2-0ubuntu11.13.04.5~cloud1 Candidate: 1.0.2-0ubuntu11.13.04.5~cloud1 and it worked pretty OK. No problem. Do you have any idea what is wrong? More information: Kernel : 3.8.0-37-generic /etc/libvirt/qemu.conf : security_driver = "none” root@compute01:~# ethtool -i eth5 driver: bnx2x version: 1.78.58 firmware-version: bc 7.4.22 phy 1.34 bus-info: 0000:04:00.1 supports-statistics: yes supports-test: yes supports-eeprom-access: yes supports-register-dump: yes

...ame action was done with another host running libvirt version Installed: 1.0.2-0ubuntu11.13.04.5~cloud1 Candidate: 1.0.2-0ubuntu11.13.04.5~cloud1 and it worked pretty OK. No problem. Do you have any idea what is wrong? More information: Kernel : 3.8.0-37-generic /etc/libvirt/qemu.conf : security_driver = "none” root@compute01:~# ethtool -i eth5 driver: bnx2x version: 1.78.58 firmware-version: bc 7.4.22 phy 1.34 bus-info: 0000:04:00.1 supports-statistics: yes supports-test: yes supports-eeprom-access: yes supports-register-dump: yes

...AppArmor library Perl bindings ii libapparmor1:amd64 2.8.95~2430-0ubuntu5.1 amd64 changehat AppArmor library ubuntu@ubuntu:~/github/libvirt$./autogen.sh --system --with-apparmor ubuntu@ubuntu:~/github/libvirt$make -j8 ubuntu@ubuntu:~/github/libvirt$sudo make install Then I configure the apparmor (security_driver = "apparmor") in /etc/libvirt/qemu.conf, and restart libvirtd. I thought this may be ok. But it turned out that apparmor security driver is not loaded for my libvirt: The output of "virsh capabilities | grep apparmor" is None. What's the problem? Best Regards~ Jackie

...rmor issue and find out more about this. > Also as per suggestion from the link i have uncommented the user and group > from the qemu.conf file - https://github.com/jedi4ever/veewee/issues/996 > > By checking more on the AppArmor and sVirt issue , i have modified the > qemu.conf for security_driver="none". The result for this is no permission > error but another error which can be related to QEMU 2.3.0 > > virsh # blockcommit vm-01 vda --verbose --pivot --active > Block Commit: [100 %]error: failed to pivot job for disk vda > error: internal error: unable to execute...

...ing able to access the share from within VirtManager.  Add all three machines ip addresses to each machines /hosts file. MIGRATION WILL NOT WORK WITHOUT FULLY QUALIFIED DOMAIN NAMES. KVM: On both HV1, and HV2 servers:  Edit /etc/selinux/config SELINUX=disabled  Edit /etc/libvirt/qemu.conf Change security_driver=none  On HV1 and HV2 start Virtual Machine Manager  Double click on localhost(QEMU)  Then click on the storage tab at the top of the window that pops up  Down in the left hand corner is a box with a + sign in it, click on that. A new window will appear entitled Add a New Storage Pool  In the...

Hi , Working on the simple POC : Advanced snapshot using libvirt and qemu . Following are the exact steps which are followed . 1. Created as base VM - Ubuntu 15.10 with following libvirt and qemu versions Using library: libvirt 1.2.16 Using API: QEMU 1.2.16 Running hypervisor: QEMU 2.3.0 QEMU emulator version 2.3.0 (Debian 1:2.3+dfsg-5ubuntu9.1), Copyright (c) 2003-2008 Fabrice