similar to: how-to doc for svirt/SELinux enabling

[If you're using the upstream libguestfs with default settings, then this does NOT affect you. libvirt isn't required by libguestfs.] >From libguestfs 1.19.41, if you have selected the alternate libvirt method to launch the appliance, ie, if you have done: ./configure --with-default-attach-method=libvirt then sVirt is enabled by default. This is for enhanced security: if a

On 04/03/2013 10:25 AM, yue wrote: > > hi,all > > i know svirt is merged into libvirt upstream, but how to use them? > You had better to ask this kind of question to libvirt-users at redhat.com in the future, it's a user mail listing, you may ask all kind of libvirt usage questions if you want, the following is some reference:

Hello! Where I can get maybe a tutorial or smth like this about how to use SELinux with libvirt?

?Hi, ?I've installed libvirt-0.9.13 on RHEL6.2 from the source code. I cannot make sVirt working with LXC. (sVirt works well with KVM, though.) I can start an LXC instance, but the label of the process is not right. Can someone help me? I tried to change /etc/libvirtd/lxc.conf file to explicitly enable security_driver = "selinux". But it ends up with error saying "error :

On Thu, Oct 31, 2013 at 04:32:45PM +0100, Matteo Piccinini wrote: > Hello list, > > my name is Matteo, i'm new on that list. > I'm working on a multitenancy platform with linux containers through libvirt on a production system with Red Hat 6.4. > Every container run a separate instance of OpenSSH and Apache HTTPd and I need to give root privileges to the developers and I

Hello list, my name is Matteo, i'm new on that list. I'm working on a multitenancy platform with linux containers through libvirt on a production system with Red Hat 6.4. Every container run a separate instance of OpenSSH and Apache HTTPd and I need to give root privileges to the developers and I try to configure SELinux using svirt and MCS. I try the secmodel type dynamic and static in

I just want to bring everyone's attention this important bug in Fedora 18. It looks like people are now starting to upgrade to F18 and are hitting this bug. https://bugzilla.redhat.com/show_bug.cgi?id=912499 In brief, when virt-manager runs, it starts some libguestfs instances in the background to inspect guests. Starting with Fedora 18 these use libvirt and because of a bad interaction

Milan Zamazal <mzamazal@redhat.com> writes: > Daniel P. Berrangé <berrange@redhat.com> writes: > >> On Thu, Jul 02, 2020 at 01:21:15PM +0200, Milan Zamazal wrote: >>> The second problem is that a VM fails to start with a backing NVDIMM in >>> devdax mode due to SELinux preventing access to the /dev/dax* device (it >>> doesn't happen with any

[Moving this to the libguestfs mailing list] On Mon, Jan 13, 2014 at 03:05:14PM -0500, Daniel J Walsh wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 01/13/2014 11:49 AM, Richard W.M. Jones wrote: > > On Mon, Jan 13, 2014 at 10:20:22AM -0500, Daniel J Walsh wrote: > >> Secondly we prevent even unconfined_t from putting down labels on the > >>

There's two parts to this question. On Tue, Jan 12, 2016 at 05:26:10PM +0200, Yaniv Kaul wrote: > I didn't see what are the main differences in > http://libguestfs.org/guestfs.3.html#backend The basic concept of the backend is how do we run the libguestfs appliance (http://libguestfs.org/guestfs-internals.1.html#architecture). There are two ways we could run the appliance: either

https://bugzilla.redhat.com/show_bug.cgi?id=912499 (especially comments 7 & 10) This patch set is the final fix so that we can access disks in use by other guests when SELinux and sVirt are enabled. Previously such disks were inaccessible because sVirt labels the disks with a random SELinux label to prevent other instances of qemu from being able to read them. So naturally the libguestfs

On Fri, Nov 02, 2018 at 06:04:08PM +0200, Peter Dimitrov wrote: > Hello, > > I have a simple C program that uses libguestfs to extract info about disk > usage from a libvirt domain. It works when ran manually as root, but fails > when started as a systemd service. > > I'm attaching the service file, source code and verbose logs from both the > successful manual run

I'm just about to release libguestfs 1.20. I want to cover some things that are different or won't work as well in Debian Wheezy. ** Most important ** Debian Wheezy ships with febootstrap 3.17. This is too old to run libguestfs 1.20 out of the box (febootstrap >= 3.20 required). However if you apply the attached patch to libguestfs, then it will work with the older febootstrap.

If I change SELinux from disabled to enabled (or permissive first) will it take long to rebuild the SEL labels on about 250GB file system? Kind Regards, Keith Roberts ----------------------------------------------------------- Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk All email addresses are challenge-response protected with TMDA

On Wed, 26 Feb 2020 at 14:06, Jonathan Billings <billings at negate.org> wrote: > On Feb 26, 2020, at 08:52, Nicolas Kovacs <info at microlinux.fr> wrote: > > > >> Le 26/02/2020 ? 11:51, Nicolas Kovacs a ?crit : > >> SELinux is preventing /usr/bin/python2.7 from read access on the file > disable. > >> ***** Plugin catchall (100. confidence)

It seems that the appliance is broken. Try removing /var/tmp/.guestfs-0/ and run the test tool again. Tomas On Fri, 3 Jan 2020 13:53:10 +0800 "??" <249016681 at qq.com> wrote: > Hi, > &nbsp; &nbsp; I have use&nbsp; kvm ? virsh ? virt&nbsp; &nbsp;for almost half year ?all things goes well ? > &nbsp; &nbsp; but recently? I use

I have an older quad-core AMD processor that supports hardware virtualization on a motherboard that does not support it in the bios. Eventually I'll swap the mobo out on this box for one that will support hardware virtualization and use qemu-kvm. I prefer kvm because of SELinux and sVirt that protects the host from VM breakout should a VM become hostile. In the meantime, I want to start work

Hello, I have a simple C program that uses libguestfs to extract info about disk usage from a libvirt domain. It works when ran manually as root, but fails when started as a systemd service. I'm attaching the service file, source code and verbose logs from both the successful manual run and from the service journal. SELinix is disabled. Error messages: libguestfs:

I'm very pleased to announce the release of libguestfs 1.20. Libguestfs is a library and a comprehensive set of tools for accessing and modifying virtual machine (VM) disk images. For more information see http://libguestfs.org Libguestfs 1.20 represents 7 months of upstream work, dozens of major new features and bug fixes. For full details read the release notes below. You can download

Hi,Richard: &nbsp; &nbsp; &nbsp; &nbsp;I use&nbsp;/bin/virt-copy-in&nbsp; failed , virt-copy-in&nbsp;&nbsp;have no diff with other nomarl machine(work well ) ,&nbsp;&nbsp; &nbsp; &nbsp; &nbsp; /bin/virt-copy-in: symbol lookup error: /lib64/libguestfs.so.0: undefined symbol: json_string_length&nbsp; &nbsp; &nbsp; &nbsp;here are