similar to: [libvirt] how to use svirt

?Hi, ?I've installed libvirt-0.9.13 on RHEL6.2 from the source code. I cannot make sVirt working with LXC. (sVirt works well with KVM, though.) I can start an LXC instance, but the label of the process is not right. Can someone help me? I tried to change /etc/libvirtd/lxc.conf file to explicitly enable security_driver = "selinux". But it ends up with error saying "error :

[If you're using the upstream libguestfs with default settings, then this does NOT affect you. libvirt isn't required by libguestfs.] >From libguestfs 1.19.41, if you have selected the alternate libvirt method to launch the appliance, ie, if you have done: ./configure --with-default-attach-method=libvirt then sVirt is enabled by default. This is for enhanced security: if a

Anyone have a pointer or some documentation or a how to enable svirt support in RHEL 5.4 using libvirt 6.3 and KVM/QEMU? Thanks Jonathan -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20100330/1e3a2dff/attachment.htm>

I have an older quad-core AMD processor that supports hardware virtualization on a motherboard that does not support it in the bios. Eventually I'll swap the mobo out on this box for one that will support hardware virtualization and use qemu-kvm. I prefer kvm because of SELinux and sVirt that protects the host from VM breakout should a VM become hostile. In the meantime, I want to start work

Hello, I have a simple C program that uses libguestfs to extract info about disk usage from a libvirt domain. It works when ran manually as root, but fails when started as a systemd service. I'm attaching the service file, source code and verbose logs from both the successful manual run and from the service journal. SELinix is disabled. Error messages: libguestfs:

On 16/03/18 18:37, Alexander Dalloz wrote: > Am 16.03.2018 um 13:09 schrieb hw: >> On 03/16/2018 12:14 PM, Richard Grainger wrote: >>>> Yet again I could not find any documentation explaining how to do basic >>>> things like this :(? Selinux is more like a curse than anything else >>>> :( Why >>>> is there not even a good documentation?

Hi , Based on the discussion and links referred as mentioned in earlier thread , I could able to perform the block commit and other operations successfully. Here are the changes required to perform block commit 1. Used Ubuntu 15.04 which has following versions of Libvirt and Qemu Compiled against library: libvirt 1.2.12 Using library: libvirt 1.2.12 Using API: QEMU 1.2.12 Running hypervisor:

Run sudo with -n (non-interactive), so it will fail right away when not configured to not require a password. This will avoid the connection to time out. --- p2v/ssh.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/p2v/ssh.c b/p2v/ssh.c index b432cbd..c6bf306 100644 --- a/p2v/ssh.c +++ b/p2v/ssh.c @@ -490,7 +490,7 @@ test_connection (struct config *config) */ if

This is not a libvirt/redhat question… With your method you can only revert to versions which are available in the standard repositories. You’ll have to download the packages manually to force a different version. Use with caution. There is a reason why the version isn’t in the standard repositories. Van: libvirt-users-bounces@redhat.com [mailto:libvirt-users-bounces@redhat.com] Namens Keyur

On Wed, Jan 13, 2016 at 04:25:14PM +0100, Martin Kletzander wrote: > For each of the kernels, libvirt labels them (with both DAC and selinux > labels), then proceeds to launching qemu. If this is done parallel, the > race is pretty obvious. Could you remind me why you couldn't use > <seclabel model='none'/> or <seclabel relabel='no'/> or something that

Hello! Where I can get maybe a tutorial or smth like this about how to use SELinux with libvirt?

On Tue, Mar 14, 2017 at 06:03:33PM +0100, Jean Aunis wrote: > Hello, > > Did you disable selinux ? It usually causes troubles when starting asterisk > as a service. You can do this with : setenforce 0 (this will not totally > disable selinux, but switch it to a permissive mode). Generally before advising that, check if this is the error: tail -f /var/log/audit/audit.log and

hi,all a qemu-kvm process and its disk(image file) have the same MCS(s0:c111,c555). it express this process have access to this image. i do not know the power to access its image file is the max or min? if any other power this process(domain) has?how much? i want to know the exact power a qemu-kvm process has besides access its image file ,other kinds of files,dirs etc. my test case:

Here https://libvirt.org/acl.html is stated that you designed this access control system as pluggable. Are there any options ( even with modifying libvirt code) to plug in any custom driver? I just need to take a try and design something that will support remote access control. I am not sure if sVirt is the right thing I should look at. 2018-05-09 11:27 GMT+03:00 Daniel P. Berrangé

Hi. I am stuck with this one and I do not know where and how to search for this problem nor do I know how to fix it. When I reboot one of our servers (CentOS 6.7, selinux target, yum fully updated) the http server loads fine (no erros) but when accessing one of the server's websites it displays "Forbidden", restarting the httpd server (command line) will give full access and all is

hi all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. What

static function selinux_warning() isn't used if HAVE_LIBSELINUX isn't defined, which results in a warning. --- src/launch-libvirt.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c index 4588602..10a4d2c 100644 --- a/src/launch-libvirt.c +++ b/src/launch-libvirt.c @@ -138,7 +138,10 @@ static int make_drive_priv (guestfs_h *g, struct

On Wed, May 09, 2018 at 10:00:19AM +0100, Daniel P. Berrangé wrote: > On Wed, May 09, 2018 at 11:50:33AM +0300, Anastasiya Ruzhanskaya wrote: > > Here https://libvirt.org/acl.html is stated that you designed this access > > control system as pluggable. Are there any options ( even with modifying > > libvirt code) to plug in any custom driver? > > I just need to take a

Just a note [possibly more of a warning] that I'm intending to switch the default backend in Fedora 18+ to libvirt this week. For more information about what this means, see: https://rwmj.wordpress.com/2012/07/23/new-in-libguestfs-use-libvirt-to-launch-the-appliance/#content Barring any bugs, the change ought to be transparent. The reasons why we're making this change in Fedora are:

https://bugzilla.redhat.com/show_bug.cgi?id=912499 (especially comments 7 & 10) This patch set is the final fix so that we can access disks in use by other guests when SELinux and sVirt are enabled. Previously such disks were inaccessible because sVirt labels the disks with a random SELinux label to prevent other instances of qemu from being able to read them. So naturally the libguestfs