search for: svirt

Displaying 20 results from an estimated 101 matches for "svirt".

Did you mean: virt
2013 Apr 03
1
Re: [libvirt] how to use svirt
On 04/03/2013 10:25 AM, yue wrote: > > hi,all > > i know svirt is merged into libvirt upstream, but how to use them? > You had better to ask this kind of question to libvirt-users@redhat.com in the future, it's a user mail listing, you may ask all kind of libvirt usage questions if you want, the following is some reference: https://access.re...
2012 Sep 14
0
NOTE: In libguestfs 1.19.41, the libvirt backend will have sVirt enabled by default
...m libguestfs with default settings, then this does NOT affect you. libvirt isn't required by libguestfs.] >From libguestfs 1.19.41, if you have selected the alternate libvirt method to launch the appliance, ie, if you have done: ./configure --with-default-attach-method=libvirt then sVirt is enabled by default. This is for enhanced security: if a malicious disk image manages to corrupt the appliance *and* take over qemu, then SELinux provides additional confinement of the qemu process, ensuring it cannot read or write arbitrary files or other resources in the host. From Fedora 18,...
2012 Jul 24
1
How can I make sVirt work with LXC (libvirt-0.9.13)?
 Hi,  I've installed libvirt-0.9.13 on RHEL6.2 from the source code. I cannot make sVirt working with LXC. (sVirt works well with KVM, though.) I can start an LXC instance, but the label of the process is not right. Can someone help me? I tried to change /etc/libvirtd/lxc.conf file to explicitly enable security_driver = "selinux". But it ends up with error sayin...
2010 Mar 30
0
how-to doc for svirt/SELinux enabling
Anyone have a pointer or some documentation or a how to enable svirt support in RHEL 5.4 using libvirt 6.3 and KVM/QEMU? Thanks Jonathan
2018 May 07
0
SELinux (sVirt) with libvirt
Hello! Where I can get maybe a tutorial or smth like this about how to use SELinux with libvirt?
2013 Apr 17
1
question about process power which has MCSx
hi,all a qemu-kvm process and its disk(image file) have the same MCS(s0:c111,c555). it express this process have access to this image. i do not know the power to access its image file is the max or min? if any other power this process(domain) has?how much? i want to know the exact power a qemu-kvm process has besides access its image file ,other kinds of files,dirs etc. my test case:
2018 Nov 02
2
guestfs_launch() fails when C application is started as a systemd service
...ttaching the service file, source code and verbose logs from both the successful manual run and from the service journal. SELinix is disabled. Error messages: libguestfs: set_socket_create_context: getcon failed: (none): Invalid argument [you can ignore this message if you are not using SELinux + sVirt] libguestfs: clear_socket_create_context: setsockcreatecon failed: NULL: Invalid argument [you can ignore this message if you are not using SELinux + sVirt] libguestfs: error: chown: /tmp/libguestfsvMMaec/guestfsd.sock: Operation not permitted libguestfs: clear_socket_create_context: se...
2011 Nov 02
2
VirtualBox on CentOS 6.0?
I have an older quad-core AMD processor that supports hardware virtualization on a motherboard that does not support it in the bios. Eventually I'll swap the mobo out on this box for one that will support hardware virtualization and use qemu-kvm. I prefer kvm because of SELinux and sVirt that protects the host from VM breakout should a VM become hostile. In the meantime, I want to start work on a web project and want to use this idle machine and CentOS 6.0 in a VM. What I prototype and learn will eventually be moved to the production machine using kvm and sVirt. So...I downloaded...
2014 Mar 17
2
KVM -snapshot mode
Hi, I'm just wondering is there any way for me to trigger KVM's -snapshot parameter from libvirt. I don't want to clone a disk etc. I just need a way so that KVM is spawned with a '-snapshot' parameter. Anyone got any ideas? Cheers Chris
2018 Nov 02
0
Re: guestfs_launch() fails when C application is started as a systemd service
...ode and verbose logs from both the > successful manual run and from the service journal. > > SELinix is disabled. > > Error messages: > libguestfs: set_socket_create_context: getcon failed: (none): Invalid > argument [you can ignore this message if you are not using SELinux + sVirt] > libguestfs: clear_socket_create_context: setsockcreatecon failed: NULL: > Invalid argument [you can ignore this message if you are not using SELinux > + sVirt] > libguestfs: error: chown: /tmp/libguestfsvMMaec/guestfsd.sock: Operation > not permitted > libguestfs: c...
2012 Dec 13
0
Release notes appendix for libguestfs 1.20 on Debian Wheezy
...;= 0.10.2 is required), the new libvirt attach-method will not work in Debian. See the release notes for what you'll miss out on. Of course the default (appliance) method works fine, and libvirt is not required. Even if newer libvirt and qemu where available in Debian, it seems unlikely that sVirt protection would work. This is partly because of the obvious fact that Debian doesn't use SELinux (by default). But mainly because we have made several changes to the SELinux policy in Fedora to support libguestfs with libvirt and sVirt. Also, although in theory AppArmor could implement sVir...
2016 May 31
2
[PATCH] p2v: require a non-interative sudo (RHBZ#1340809)
...- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/p2v/ssh.c b/p2v/ssh.c index b432cbd..c6bf306 100644 --- a/p2v/ssh.c +++ b/p2v/ssh.c @@ -490,7 +490,7 @@ test_connection (struct config *config) */ if (mexp_printf (h, "%svirt-v2v --version\n", - config->sudo ? "sudo " : "") == -1) { + config->sudo ? "sudo -n " : "") == -1) { set_ssh_error ("mexp_printf: %m"); mexp_close (h); return -1; -- 2.5.5
2016 Jan 13
1
Re: [libvirt] Quantifying libvirt errors in launching the libguestfs appliance
...els), then proceeds to launching qemu. If this is done parallel, the > race is pretty obvious. Could you remind me why you couldn't use > <seclabel model='none'/> or <seclabel relabel='no'/> or something that > would mitigate this? We value having sVirt :-) However I'm just about to rerun the tests with <seclabel type='none'/> to see if the problem goes away. Will let you know tomorrow once they have run again. > If we cannot use this, then we need to implement > the <seclabel/> element for kernel and initr...
2012 Jan 25
2
How to change libvirt / cgroup interaction?
Hi there, Do you know if there is a way to modify how libvirt interacts with the cgroup? Because, I successfully add the /dev/net/tun support in my LXC container by doing: echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow But when I restart the instance/LXC container, this option has gone. How can I make this persistant? Is
2018 May 09
2
Re: Libvirt access control drivers
...ps://libvirt.org/acl.html is stated that you designed this access control system as pluggable. Are there any options ( even with modifying libvirt code) to plug in any custom driver? I just need to take a try and design something that will support remote access control. I am not sure if sVirt is the right thing I should look at. 2018-05-09 11:27 GMT+03:00 Daniel P. Berrangé <berrange@redhat.com>: > On Wed, May 09, 2018 at 11:21:22AM +0300, Anastasiya Ruzhanskaya wrote: > > Ok, excuse me for misunderstanding, how it is possible then to set up > > access control whe...
2013 Feb 28
9
[PATCH 0/7] Fix SELinux security contexts so we can access shared disks (RHBZ#912499).
https://bugzilla.redhat.com/show_bug.cgi?id=912499 (especially comments 7 & 10) This patch set is the final fix so that we can access disks in use by other guests when SELinux and sVirt are enabled. Previously such disks were inaccessible because sVirt labels the disks with a random SELinux label to prevent other instances of qemu from being able to read them. So naturally the libguestfs appliance (ie. qemu) cannot read these disks, not even if it is running as root. The fix is...
2018 May 09
2
Re: Libvirt access control drivers
...at you designed this access > > control system as pluggable. Are there any options ( even with modifying > > libvirt code) to plug in any custom driver? > > I just need to take a try and design something that will support remote > > access control. > > I am not sure if sVirt is the right thing I should look at. > > It is pluggable in the sense that we can write more backends for it > without having to refactor the rest of libvirt codebase. It isn't > pluggable from POV of an end user wishing to change it - it needs > contribution to libvirt code to...
2012 Feb 15
1
Detecting Co-residency of VMs on KVM
I am doing an experiment which involves detecting co-resident VMs (testing if 2 VMs are on the same physical machine) on KVM. I have tried using cache covert channel, but this test does not work if the VMs are on different processors within the same host as the caches are not shared then. If I use the tools netperf and iperf to differentiate using network channels, I am not getting clear results.
2013 May 16
1
[PATCH] Fix compiler warning when libselinux is not present
.....) free (msg); } +#if HAVE_LIBSELINUX static void selinux_warning (guestfs_h *g, const char *func, const char *selinux_op, const char *data) @@ -1724,6 +1728,7 @@ selinux_warning (guestfs_h *g, const char *func, " [you can ignore this UNLESS using SELinux + sVirt]", func, selinux_op, data ? data : "(none)"); } +#endif /* This backend assumes virtio-scsi is available. */ static int -- 1.8.1.4
2013 Aug 06
1
LIbvirt seclabel.
...all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. What are the procedures(syntax and tags) to use for xsm label in xml file.? Regards, cooldharma06