similar to: How can I make sVirt work with LXC (libvirt-0.9.13)?

On 04/03/2013 10:25 AM, yue wrote: > > hi,all > > i know svirt is merged into libvirt upstream, but how to use them? > You had better to ask this kind of question to libvirt-users at redhat.com in the future, it's a user mail listing, you may ask all kind of libvirt usage questions if you want, the following is some reference:

Libvirt doesn't care about security during hot add disk images. It even accepts addition of disk images of other guest running on the host. Steps followed to create this scenario : Started two VMs with following security configurations: vm1: <seclabel type='dynamic' model='selinux' relabel='yes'>

Hi All. I'm trying to setup a guest within my hypervisor that acts as a Console Server, using 10 USB to Serial adapters. The Host is all setup and can access each Serial Port without problems. I have attempted to add the Serial Connections to a Guest, using both Virtual Machine Manager and by editing the .XML file, and I can add up to 4 Serial devices (Including one for console access to the

Hi?all? the problem came out when selinux was enforced in targeted+MCS I start lxc through virsh???virsh -c lxc:/// start instance-00004bd6? 1. When selinux is Permissive?lxc start is ok The result of ?Ps auxZ? is? system_u:system_r:virtd_lxc_t:s0-s0:c0.c1023 root 19218 0.0 0.0 47624 1244 ? Ss 15:26 0:00 /usr/libexec/libvirt_lxc --name

Sorry ?There is avc error messages in dmesg ??? ??should be ?There is no avc error??? ???: Huang,Chaochang ????: 2013?4?25? 15:41 ???: 'libvir-list at redhat.com'; 'libvirt-users at redhat.com' ??: libvirt_lxc start problem when selinux enbale Hi?all? the problem came out when selinux was enforced in targeted+MCS I start lxc through virsh???virsh -c

[If you're using the upstream libguestfs with default settings, then this does NOT affect you. libvirt isn't required by libguestfs.] >From libguestfs 1.19.41, if you have selected the alternate libvirt method to launch the appliance, ie, if you have done: ./configure --with-default-attach-method=libvirt then sVirt is enabled by default. This is for enhanced security: if a

Anyone have a pointer or some documentation or a how to enable svirt support in RHEL 5.4 using libvirt 6.3 and KVM/QEMU? Thanks Jonathan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20100330/1e3a2dff/attachment.htm>

Hello! Where I can get maybe a tutorial or smth like this about how to use SELinux with libvirt?

Hi, When I'm trying to run qemu-kvm command on RHEL6(linux kernel 2.6.32) then I get following errors which I think related to tap devices in my setup. Any idea why is that? bash$ LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin QEMU_AUDIO_DRV=none /usr/libexec/qemu-kvm -S -M rhel6.2.0 -enable-kvm -m 512 -smp 1,sockets=1,cores=1,threads=1 -name instance-00000027 -uuid

On Tue, Jul 14, 2020 at 6:03 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > On Tue, Jul 14, 2020 at 04:02:17PM +0300, Ram Lavi wrote: > > On Tue, Jul 14, 2020 at 3:33 PM Daniel P. Berrangé <berrange@redhat.com> > > wrote: > > > > > On Tue, Jul 14, 2020 at 03:21:17PM +0300, Ram Lavi wrote: > > > > Hello all, > > > > > >

hi,all a qemu-kvm process and its disk(image file) have the same MCS(s0:c111,c555). it express this process have access to this image. i do not know the power to access its image file is the max or min? if any other power this process(domain) has?how much? i want to know the exact power a qemu-kvm process has besides access its image file ,other kinds of files,dirs etc. my test case:

Hi, I'm just wondering is there any way for me to trigger KVM's -snapshot parameter from libvirt. I don't want to clone a disk etc. I just need a way so that KVM is spawned with a '-snapshot' parameter. Anyone got any ideas? Cheers Chris

Hello, I have a simple C program that uses libguestfs to extract info about disk usage from a libvirt domain. It works when ran manually as root, but fails when started as a systemd service. I'm attaching the service file, source code and verbose logs from both the successful manual run and from the service journal. SELinix is disabled. Error messages: libguestfs:

Hi there, Do you know if there is a way to modify how libvirt interacts with the cgroup? Because, I successfully add the /dev/net/tun support in my LXC container by doing: echo c 10:200 rwm >> /cgroup/libvirt/lxc/instance-00000005/devices.allow But when I restart the instance/LXC container, this option has gone. How can I make this persistant? Is there a configuration file? Thanks

I have an older quad-core AMD processor that supports hardware virtualization on a motherboard that does not support it in the bios. Eventually I'll swap the mobo out on this box for one that will support hardware virtualization and use qemu-kvm. I prefer kvm because of SELinux and sVirt that protects the host from VM breakout should a VM become hostile. In the meantime, I want to start work

Run sudo with -n (non-interactive), so it will fail right away when not configured to not require a password. This will avoid the connection to time out. --- p2v/ssh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/p2v/ssh.c b/p2v/ssh.c index b432cbd..c6bf306 100644 --- a/p2v/ssh.c +++ b/p2v/ssh.c @@ -490,7 +490,7 @@ test_connection (struct config *config) */ if

On Tue, Jul 14, 2020 at 3:33 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > On Tue, Jul 14, 2020 at 03:21:17PM +0300, Ram Lavi wrote: > > Hello all, > > > > tl;dr, can you point me to the point in the libvirt repo where it's > trying > > to change a tap-device's SELinux label? > > > > I am trying to create a tap device with libvirt on

On Wed, Jan 13, 2016 at 04:25:14PM +0100, Martin Kletzander wrote: > For each of the kernels, libvirt labels them (with both DAC and selinux > labels), then proceeds to launching qemu. If this is done parallel, the > race is pretty obvious. Could you remind me why you couldn't use > <seclabel model='none'/> or <seclabel relabel='no'/> or something that

> Hi, libvirt experts, I used libvirt to create a VM and used backing store to a local file. It works fine until I installed my box to Unbuntu Trusty (14.04). I got the following errors when I tried to start the VM: Could not open backing file: Could not open <path to my backing file>: Permission denied However, if I moved my image file (not base image) to default location

I am doing an experiment which involves detecting co-resident VMs (testing if 2 VMs are on the same physical machine) on KVM. I have tried using cache covert channel, but this test does not work if the VMs are on different processors within the same host as the caches are not shared then. If I use the tools netperf and iperf to differentiate using network channels, I am not getting clear results.