Displaying 20 results from an estimated 51 matches for "svirt_t".
Did you mean:
svirt
2013 Apr 08
1
libvirt, selinux, moving images to ~/images does not work
...uot;eebbb23 qemu:
support URI syntax for NBD").
More detailed output is below, this is all from the host system.
What do I miss? Thank you.
[root at vpl2 ~]# tail /var/log/messages
Apr 8 16:47:48 vpl2 dbus-daemon[2903]: libsepol.sepol_context_to_sid:
could not convert system_u:system_r:svirt_t:s0:c263,c837 to sid
Apr 8 16:47:48 vpl2 dbus-daemon[2903]: libsepol.context_from_record: user
system_u is not defined
Apr 8 16:47:48 vpl2 dbus-daemon[2903]: libsepol.context_from_record: could
not create context structure
Apr 8 16:47:48 vpl2 dbus-daemon[2903]: libsepol.context_from_string: cou...
2019 May 27
2
[PATCH] Use proper label for nbdkit sockets
While svirt_t can be used for sockets it does not always guarantee that it will
be accessible from a virtual machine. The VM might be running under svirt_tcg_t
context which will need a svirt_tcg_t label on the socket in order to access it.
There is, however, another label, svirt_socket_t, which is accessible...
2012 Mar 22
1
Does libvirt check MCS labels during hot-add disk image ?
...n
accepts addition of disk images of other guest running on the host.
Steps followed to create this scenario :
Started two VMs with following security configurations:
vm1:
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c219,c564</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c219,c564</imagelabel>
</seclabel>
vm2 :
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c122,c658</label>...
2020 Jul 02
2
Re: Two questions about NVDIMM devices
Daniel P. Berrangé <berrange@redhat.com> writes:
> On Thu, Jul 02, 2020 at 01:21:15PM +0200, Milan Zamazal wrote:
>> Hi,
>>
>
>> I've met two situations with NVDIMM support in libvirt where I'm not
>> sure all the parties (libvirt & I) do the things correctly.
>>
>> The first problem is with memory alignment and size changes. In
2011 Oct 15
2
SELinux triggered during Libvirt snapshots
...helpful to debug this. The server is
CentOS 6 x86_64 updated to CR. This is the raw audit entry, (hostname
removed)
node=kvmhost.tld type=AVC msg=audit(1318634450.285:28): avc: denied {
getattr } for pid=1842 comm="qemu-kvm" name="/" dev=dm-2 ino=2
scontext=system_u:system_r:svirt_t:s0:c772,c779
tcontext=system_u:object_r:fs_t:s0 tclass=filesystem
node=kvmhost.tld type=SYSCALL msg=audit(1318634450.285:28): arch=c000003e
syscall=138 success=no exit=-13 a0=9 a1=7fff1cf153f0 a2=0 a3=7fff1cf15170
items=0 ppid=1 pid=1842 auid=4294967295 uid=107 gid=107 euid=107 suid=107
fsuid=107 e...
2019 May 28
0
Re: [PATCH] Use proper label for nbdkit sockets
On Mon, May 27, 2019 at 01:30:05PM +0200, Martin Kletzander wrote:
> While svirt_t can be used for sockets it does not always guarantee that it will
> be accessible from a virtual machine. The VM might be running under svirt_tcg_t
> context which will need a svirt_tcg_t label on the socket in order to access it.
I don't really know enough about SELinux or the sVirt po...
2020 Jul 09
0
NVDIMM in devdax mode and SELinux (was: Two questions about NVDIMM devices)
...till occurs.)
audit.log reports the following when starting a VM with an NVDIMM device
in devdax mode:
type=AVC msg=audit(1594144691.758:913): avc: denied { map } for pid=21659 comm="qemu-kvm" path="/dev/dax0.0" dev="tmpfs" ino=1521557 scontext=system_u:system_r:svirt_t:s0:c216,c981 tcontext=system_u:object_r:svirt_image_t:s0:c216,c981 tclass=chr_file permissive=0
type=AVC msg=audit(1594144691.758:914): avc: denied { map } for pid=21659 comm="qemu-kvm" path="/dev/dax0.0" dev="tmpfs" ino=1521557 scontext=system_u:system_r:svirt_t:...
2019 Sep 09
0
Reg: <operation not permitted><netlink socket><Qemu device>
...ing VM Live migration.
If I am using QEMU command directly to launch the VM, then any operation on
Netlink socket works fine. But, If I am using libvirt to create the VM and
attaching the device, then I am getting permission denied error. As I found
out that this is related to SElinux, I added the svirt_t context as
permissive *"semanage permissive -a svirt_t". *With this, I am not
receiving permission denied error, instead i am receiving "operation not
permitted" error.
I changed the user and group field in libvirtd/qemu.conf to root/root. But
still, I am facing the same proble...
2012 Jul 24
1
How can I make sVirt work with LXC (libvirt-0.9.13)?
...?? ? ? ?<parameter name="PROJMASK" value="255.255.0.0"/>
?? ? ?</filterref>
?? ?</interface>
?? ?<console type="pty"/>
??</devices>
</domain>
* Svirt works well with KVM as is shown below:
$ ps auxZ | grep qemu
system_u:system_r:svirt_t:s0:c128,c132 root 22710 6.9 ?0.2 895040 34332 ? ? ? ?Sl ? 11:17 ? 0:07 /usr/libexec/qemu-kvm -name instance-0000001b -S -M pc-0.14 -cpu core2duo,+lahf_lm,+dca,+pdcm,+xtpr,+cx16,+tm2,+est,+vmx,+ds_cpl,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds -enable-kvm -m 512 -smp 1,sockets=1,cores=1,threads=1 -uuid 1271...
2020 Jul 16
1
Re: SELinux labels change in libvirt
...o be further uses in virt-launcher (i.e. the non-privileged
> > container): https://github.com/kubevirt/kubevirt/pull/3290
>
> In normal host OS deployment, libvirtd runs under virtd_t, and when
> it spawns QEMU, it will relabel files to svirt_image_t:s0:$MCS, and
> spawn QEMU as svirt_t:s0:$MCS.
>
> My understanding is what in kubevirt, things work differently. Docker
> (or podman), launch the container as container_t:s0:$MCS. libvirtd
> *and* QEMU thus both run as container_t:s0:$MCS. ie All the labelling
> is setup when the container is launched and libvirtd sho...
2012 Jan 17
1
[CentOS] VirtIO disk 'leakage' across guests?
.../>
<address type='pci' domain='0x0000' bus='0x00'
slot='0x06' function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c299,c322</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c299,c322</imagelabel>
</seclabel>
</domain>
virsh #
A substantially identical clone of the prototype. This
guest has had no additional storage added to it.
virsh # dumpxml sshpipe.harte-lyne...
2013 Jul 21
2
Re: Clipboard
.../>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06'
function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c665,c969</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c665,c969</imagelabel>
</seclabel>
</domain>
2020 Jul 14
2
Re: SELinux labels change in libvirt
On Tue, Jul 14, 2020 at 3:33 PM Daniel P. Berrangé <berrange@redhat.com>
wrote:
> On Tue, Jul 14, 2020 at 03:21:17PM +0300, Ram Lavi wrote:
> > Hello all,
> >
> > tl;dr, can you point me to the point in the libvirt repo where it's
> trying
> > to change a tap-device's SELinux label?
> >
> > I am trying to create a tap device with libvirt on
2010 Jul 15
0
How to create a guest os from existing disk image file
...alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02'
function='0x0'/>
</video>
</devices>
<seclabel type='dynamic' model='selinux'>
<label>system_u:system_r:svirt_t:s0:c370,c413</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c370,c413</imagelabel>
</seclabel>
</domain>
Thanks/Regards.
Rajiv.R
Project Associate.
CARE. MIT
Anna University Chennai
-------------- next part --------------
An HTML attachment was scrubb...
2011 Jul 28
0
Snapshot error "command savevm not found"
...ame='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05'
function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='selinux'>
<label>system_u:system_r:svirt_t:s0:c292,c580</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c292,c580</imagelabel>
</seclabel>
</domain>
------------
This is my first attempt at snapshots with KVM after migrating from ESXi, so
if there's a better method please let me know.
Thank...
2020 Jul 14
0
Re: SELinux labels change in libvirt
...ileged
> container) to be further uses in virt-launcher (i.e. the non-privileged
> container): https://github.com/kubevirt/kubevirt/pull/3290
In normal host OS deployment, libvirtd runs under virtd_t, and when
it spawns QEMU, it will relabel files to svirt_image_t:s0:$MCS, and
spawn QEMU as svirt_t:s0:$MCS.
My understanding is what in kubevirt, things work differently. Docker
(or podman), launch the container as container_t:s0:$MCS. libvirtd
*and* QEMU thus both run as container_t:s0:$MCS. ie All the labelling
is setup when the container is launched and libvirtd should not do
anything.
So...
2011 Aug 02
1
Snapshot error "command savevm not found"
...ame='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05'
function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='selinux'>
<label>system_u:system_r:svirt_t:s0:c292,c580</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c292,c580</imagelabel>
</seclabel>
</domain>
------------
This is my first attempt at snapshots with KVM after migrating from ESXi, so
if there's a better method please let me know.
Thank...
2010 Jul 19
1
How to create a guest os from existing disk image file with virt-install
...alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02'
function='0x0'/>
</video>
</devices>
<seclabel type='dynamic' model='selinux'>
<label>system_u:system_r:svirt_t:s0:c370,c413</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c370,c413</imagelabel>
</seclabel>
</domain>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20100...
2016 Jun 06
0
Adding a channel device within an Openstack Fedora Instance ..
.../>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c699,c952</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c699,c952</imagelabel>
</seclabel>
</domain>
How may I add this controller ( before adding the channel device) ?
Thanks for help.
Regards,
Jean-Pierre RIBEAUVILLE
+33 1 4717 2049
[axway_lo...
2013 Jul 21
0
Re: Clipboard
...lt;address type='pci' domain='0x0000' bus='0x00' slot='0x06'
> function='0x0'/>
> </memballoon>
> </devices>
> <seclabel type='dynamic' model='selinux' relabel='yes'>
> <label>system_u:system_r:svirt_t:s0:c665,c969</label>
> <imagelabel>system_u:object_r:svirt_image_t:s0:c665,c969</imagelabel>
> </seclabel>
> </domain>