Displaying 16 results from an estimated 16 matches for "security_driver".
2020 Jul 14
2
Re: SELinux labels change in libvirt
...reated by itself, so there
shouldn't be relabeling failures, right?
>
> Either the SELinux policy needs to be changed to allow libvirtd to
> relabel stuff in the normal manner, or you will have to turn off
> SELinux support in libvirtd. in /etc/libvirt/qemu.conf via the
> param security_driver = "none". If you turn off SELinux in
> libvirt, then you no longer have separation of QEMU processes
> which may be a security flaw depending on your deplyoment
> scenario.
>
turning SELinux in libvirtd off or allowing libvirt to relabel are tempting
options but it is not an...
2015 Dec 09
2
Re: Efficient live disk backup with active blockcommit : Failed 'block-commit': Could not reopen file: Permission denied
...will look into the AppArmor issue and find out more about this.
Also as per suggestion from the link i have uncommented the user and group from the qemu.conf file - https://github.com/jedi4ever/veewee/issues/996
By checking more on the AppArmor and sVirt issue , i have modified the qemu.conf for security_driver="none". The result for this is no permission error but another error which can be related to QEMU 2.3.0
virsh # blockcommit vm-01 vda --verbose --pivot --active
Block Commit: [100 %]error: failed to pivot job for disk vda
error: internal error: unable to execute QEMU command 'block-j...
2020 Jul 14
0
Re: SELinux labels change in libvirt
...what
SELinux policy libvirtd is running under.
> >
> > Either the SELinux policy needs to be changed to allow libvirtd to
> > relabel stuff in the normal manner, or you will have to turn off
> > SELinux support in libvirtd. in /etc/libvirt/qemu.conf via the
> > param security_driver = "none". If you turn off SELinux in
> > libvirt, then you no longer have separation of QEMU processes
> > which may be a security flaw depending on your deplyoment
> > scenario.
> >
> turning SELinux in libvirtd off or allowing libvirt to relabel are tempting...
2015 Dec 08
2
Re: Efficient live disk backup with active blockcommit : Failed 'block-commit': Could not reopen file: Permission denied
...will look
into the AppArmor issue and find out more about this.
Also as per suggestion from the link i have uncommented the user and group
from the qemu.conf file - https://github.com/jedi4ever/veewee/issues/996
By checking more on the AppArmor and sVirt issue , i have modified the
qemu.conf for security_driver="none". The result for this is no permission
error but another error which can be related to QEMU 2.3.0
virsh # blockcommit vm-01 vda --verbose --pivot --active
Block Commit: [100 %]error: failed to pivot job for disk vda
error: internal error: unable to execute QEMU command 'block-j...
2016 Jan 05
0
Re: Efficient live disk backup with active blockcommit : Failed 'block-commit': Could not reopen file: Permission denied
...ertainly has some issues
regarding the block commit as lowering the version to 2.2 resolved "active
block job" issue.
2. Modified the configuration /etc/libvirt/qemu.conf
- Had to modify the qemu.conf file which is under /etc/libvirt to
resolve the permission denied error.
- Added security_driver="none"
Supportive reference : https://libvirt.org/drvqemu.html
I have two question regarding this.-
1. Is there any way we can avoid modifying /etc/libvirt/qemu.conf for
security driver changes and perform block commit . ?
2. Has anyone tried with Qemu 2.4 for blockcommit and related...
2020 Jul 14
2
SELinux labels change in libvirt
Hello all,
tl;dr, can you point me to the point in the libvirt repo where it's trying
to change a tap-device's SELinux label?
I am trying to create a tap device with libvirt on a
super-privileged container, and then use it on another,
unprivileged container with libvirt.
User wise, I know I need the super-privileged container to open the tap
device with the user of the unprivileged one -
2012 Jul 24
1
How can I make sVirt work with LXC (libvirt-0.9.13)?
...39;ve installed libvirt-0.9.13 on RHEL6.2 from the source code.
I cannot make sVirt working with LXC. (sVirt works well with KVM, though.)
I can start an LXC instance, but the label of the process is not right.
Can someone help me?
I tried to change /etc/libvirtd/lxc.conf file to explicitly enable
security_driver = "selinux".
But it ends up with error saying "error : virSecurityDriverLookup:74 : internal error Security driver selinux not found".
SELinux is in a permissive mode but is not enforcing.
?The current situation is as follows:
* The label of an LXC container is not properly...
2020 Jul 16
1
Re: SELinux labels change in libvirt
...is running under.
>
> > >
> > > Either the SELinux policy needs to be changed to allow libvirtd to
> > > relabel stuff in the normal manner, or you will have to turn off
> > > SELinux support in libvirtd. in /etc/libvirt/qemu.conf via the
> > > param security_driver = "none". If you turn off SELinux in
> > > libvirt, then you no longer have separation of QEMU processes
> > > which may be a security flaw depending on your deplyoment
> > > scenario.
> > >
> > turning SELinux in libvirtd off or allowing libvirt...
2020 Jul 14
0
Re: SELinux labels change in libvirt
..., then TAP devices label failure is just going to be one
out of 100's of labelling failures.
Either the SELinux policy needs to be changed to allow libvirtd to
relabel stuff in the normal manner, or you will have to turn off
SELinux support in libvirtd. in /etc/libvirt/qemu.conf via the
param security_driver = "none". If you turn off SELinux in
libvirt, then you no longer have separation of QEMU processes
which may be a security flaw depending on your deplyoment
scenario.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.or...
2009 May 28
1
[PATCH node] Temporarily disable security driver.
...d -i -e 's/^[[:space:]]*#[[:space:]]*\(vnc_listen = "0.0.0.0"\).*/\1/' \
/etc/libvirt/qemu.conf
+
+ # FIXME: For now, disable selinux security driver for qemu since we don't seem
+ # to have the right policy file for it on F10. DELETE ME FOR F11!!
+ echo 'security_driver = "none"' >> /etc/libvirt/qemu.conf
+
# set up libvirtd to listen on TCP (for kerberos)
sed -i -e "s/^[[:space:]]*#[[:space:]]*\(listen_tcp\)\>.*/\1 = 1/" \
-e "s/^[[:space:]]*#[[:space:]]*\(listen_tls\)\>.*/\1 = 0/" \
--
1.6.0.6
2014 Mar 27
0
libvirt-users@redhat.com
...ame action was done with another host running libvirt version
Installed: 1.0.2-0ubuntu11.13.04.5~cloud1
Candidate: 1.0.2-0ubuntu11.13.04.5~cloud1
and it worked pretty OK. No problem.
Do you have any idea what is wrong?
More information:
Kernel : 3.8.0-37-generic
/etc/libvirt/qemu.conf : security_driver = "none”
root@compute01:~# ethtool -i eth5
driver: bnx2x
version: 1.78.58
firmware-version: bc 7.4.22 phy 1.34
bus-info: 0000:04:00.1
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
2014 Mar 27
0
Attach / detach problem for passthrough/SR-IOV in libvirt
...ame action was done with another host running libvirt version
Installed: 1.0.2-0ubuntu11.13.04.5~cloud1
Candidate: 1.0.2-0ubuntu11.13.04.5~cloud1
and it worked pretty OK. No problem.
Do you have any idea what is wrong?
More information:
Kernel : 3.8.0-37-generic
/etc/libvirt/qemu.conf : security_driver = "none”
root@compute01:~# ethtool -i eth5
driver: bnx2x
version: 1.78.58
firmware-version: bc 7.4.22 phy 1.34
bus-info: 0000:04:00.1
supports-statistics: yes
supports-test: yes
supports-eeprom-access: yes
supports-register-dump: yes
2014 Nov 21
0
How to enable apparmor security driver for libvirt
...AppArmor library Perl
bindings
ii libapparmor1:amd64 2.8.95~2430-0ubuntu5.1 amd64 changehat AppArmor
library
ubuntu@ubuntu:~/github/libvirt$./autogen.sh --system --with-apparmor
ubuntu@ubuntu:~/github/libvirt$make -j8
ubuntu@ubuntu:~/github/libvirt$sudo make install
Then I configure the apparmor (security_driver = "apparmor") in
/etc/libvirt/qemu.conf, and restart libvirtd.
I thought this may be ok. But it turned out that apparmor security
driver is not loaded for my libvirt:
The output of "virsh capabilities | grep apparmor" is None.
What's the problem?
Best Regards~
Jackie
2015 Dec 08
0
Re: Efficient live disk backup with active blockcommit : Failed 'block-commit': Could not reopen file: Permission denied
...rmor issue and find out more about this.
> Also as per suggestion from the link i have uncommented the user and group
> from the qemu.conf file - https://github.com/jedi4ever/veewee/issues/996
>
> By checking more on the AppArmor and sVirt issue , i have modified the
> qemu.conf for security_driver="none". The result for this is no permission
> error but another error which can be related to QEMU 2.3.0
>
> virsh # blockcommit vm-01 vda --verbose --pivot --active
> Block Commit: [100 %]error: failed to pivot job for disk vda
> error: internal error: unable to execute Q...
2014 Jan 19
1
How to configure MacVtap passthrough mode to SR-IOV VF?
...ing able to access the share from within VirtManager.
Add all three machines ip addresses to each machines /hosts file.
MIGRATION WILL NOT WORK WITHOUT FULLY QUALIFIED DOMAIN NAMES.
KVM:
On both HV1, and HV2 servers:
Edit /etc/selinux/config
SELINUX=disabled
Edit /etc/libvirt/qemu.conf
Change security_driver=none
On HV1 and HV2 start Virtual Machine Manager
Double click on localhost(QEMU)
Then click on the storage tab at the top of the window that pops up
Down in the left hand corner is a box with a + sign in it, click on that. A new window will appear entitled Add a New Storage Pool
In the n...
2015 Dec 07
3
Efficient live disk backup with active blockcommit : Failed 'block-commit': Could not reopen file: Permission denied
Hi ,
Working on the simple POC : Advanced snapshot using libvirt and qemu .
Following are the exact steps which are followed .
1. Created as base VM - Ubuntu 15.10 with following libvirt and qemu
versions
Using library: libvirt 1.2.16
Using API: QEMU 1.2.16
Running hypervisor: QEMU 2.3.0
QEMU emulator version 2.3.0 (Debian 1:2.3+dfsg-5ubuntu9.1), Copyright
(c) 2003-2008 Fabrice