Displaying 20 results from an estimated 1000 matches similar to: "[libvirt] how to use svirt"
2012 Jul 24
1
How can I make sVirt work with LXC (libvirt-0.9.13)?
?Hi,
?I've installed libvirt-0.9.13 on RHEL6.2 from the source code.
I cannot make sVirt working with LXC. (sVirt works well with KVM, though.)
I can start an LXC instance, but the label of the process is not right.
Can someone help me?
I tried to change /etc/libvirtd/lxc.conf file to explicitly enable
security_driver = "selinux".
But it ends up with error saying "error :
2012 Sep 14
0
NOTE: In libguestfs 1.19.41, the libvirt backend will have sVirt enabled by default
[If you're using the upstream libguestfs with default settings, then
this does NOT affect you. libvirt isn't required by libguestfs.]
>From libguestfs 1.19.41, if you have selected the alternate libvirt
method to launch the appliance, ie, if you have done:
./configure --with-default-attach-method=libvirt
then sVirt is enabled by default.
This is for enhanced security: if a
2010 Mar 30
0
how-to doc for svirt/SELinux enabling
Anyone have a pointer or some documentation or a how to enable svirt
support in RHEL 5.4 using libvirt 6.3 and KVM/QEMU?
Thanks
Jonathan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20100330/1e3a2dff/attachment.htm>
2011 Nov 02
2
VirtualBox on CentOS 6.0?
I have an older quad-core AMD processor that supports hardware
virtualization on a motherboard that does not support it in the bios.
Eventually I'll swap the mobo out on this box for one that will support
hardware virtualization and use qemu-kvm. I prefer kvm because of
SELinux and sVirt that protects the host from VM breakout should a VM
become hostile.
In the meantime, I want to start work
2018 Nov 02
2
guestfs_launch() fails when C application is started as a systemd service
Hello,
I have a simple C program that uses libguestfs to extract info about disk
usage from a libvirt domain. It works when ran manually as root, but fails
when started as a systemd service.
I'm attaching the service file, source code and verbose logs from both the
successful manual run and from the service journal.
SELinix is disabled.
Error messages:
libguestfs:
2018 Mar 16
3
selinux: how to allow access?
On 16/03/18 18:37, Alexander Dalloz wrote:
> Am 16.03.2018 um 13:09 schrieb hw:
>> On 03/16/2018 12:14 PM, Richard Grainger wrote:
>>>> Yet again I could not find any documentation explaining how to do basic
>>>> things like this :(? Selinux is more like a curse than anything else
>>>> :( Why
>>>> is there not even a good documentation?
2016 Jan 05
0
Re: Efficient live disk backup with active blockcommit : Failed 'block-commit': Could not reopen file: Permission denied
Hi ,
Based on the discussion and links referred as mentioned in earlier thread ,
I could able to perform the block commit and other operations
successfully. Here are the changes required to perform block commit
1. Used Ubuntu 15.04 which has following versions of Libvirt and Qemu
Compiled against library: libvirt 1.2.12
Using library: libvirt 1.2.12
Using API: QEMU 1.2.12
Running hypervisor:
2016 May 31
2
[PATCH] p2v: require a non-interative sudo (RHBZ#1340809)
Run sudo with -n (non-interactive), so it will fail right away when not
configured to not require a password. This will avoid the connection to
time out.
---
p2v/ssh.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/p2v/ssh.c b/p2v/ssh.c
index b432cbd..c6bf306 100644
--- a/p2v/ssh.c
+++ b/p2v/ssh.c
@@ -490,7 +490,7 @@ test_connection (struct config *config)
*/
if
2015 Dec 09
2
Re: Efficient live disk backup with active blockcommit : Failed 'block-commit': Could not reopen file: Permission denied
This is not a libvirt/redhat question…
With your method you can only revert to versions which are available in the standard repositories. You’ll have to download the packages manually to force a different version. Use with caution. There is a reason why the version isn’t in the standard repositories.
Van: libvirt-users-bounces@redhat.com [mailto:libvirt-users-bounces@redhat.com] Namens Keyur
2016 Jan 13
1
Re: [libvirt] Quantifying libvirt errors in launching the libguestfs appliance
On Wed, Jan 13, 2016 at 04:25:14PM +0100, Martin Kletzander wrote:
> For each of the kernels, libvirt labels them (with both DAC and selinux
> labels), then proceeds to launching qemu. If this is done parallel, the
> race is pretty obvious. Could you remind me why you couldn't use
> <seclabel model='none'/> or <seclabel relabel='no'/> or something that
2018 May 07
0
SELinux (sVirt) with libvirt
Hello!
Where I can get maybe a tutorial or smth like this about how to use SELinux
with libvirt?
2017 Mar 14
3
Having problem getting Asterisk to work on CentOS 7
On Tue, Mar 14, 2017 at 06:03:33PM +0100, Jean Aunis wrote:
> Hello,
>
> Did you disable selinux ? It usually causes troubles when starting asterisk
> as a service. You can do this with : setenforce 0 (this will not totally
> disable selinux, but switch it to a permissive mode).
Generally before advising that, check if this is the error:
tail -f /var/log/audit/audit.log
and
2013 Apr 17
1
question about process power which has MCSx
hi,all
a qemu-kvm process and its disk(image file) have the same MCS(s0:c111,c555). it express this process have access to this image.
i do not know the power to access its image file is the max or min?
if any other power this process(domain) has?how much?
i want to know the exact power a qemu-kvm process has besides access its image file ,other kinds of files,dirs etc.
my test case:
2018 May 09
2
Re: Libvirt access control drivers
Here https://libvirt.org/acl.html is stated that you designed this access
control system as pluggable. Are there any options ( even with modifying
libvirt code) to plug in any custom driver?
I just need to take a try and design something that will support remote
access control.
I am not sure if sVirt is the right thing I should look at.
2018-05-09 11:27 GMT+03:00 Daniel P. Berrangé
2015 Nov 07
5
After reboot of web-server accessing website shows "Forbidden", restarting httpd all is fine
Hi.
I am stuck with this one and I do not know where and how to search for this problem nor do I know how to fix it.
When I reboot one of our servers (CentOS 6.7, selinux target, yum fully updated) the http server loads fine (no erros) but when accessing one of the server's websites it displays "Forbidden", restarting the httpd server (command line) will give full access and all is
2013 Aug 06
1
LIbvirt seclabel.
hi all,
i am new to the libvirt. Via libvirt i am converting my xen.com.sfg.
In xen i added xsm label as, seclabel:system_u:domU_t.
but after creating vm using xen or by convertdom-to-xml also does not
contain any label or text with xen-4.2.1.
in the documentation also you mentioned selinux label (sVirt) only. Can u
clear me the following things:
1. How to use XSM label in libvirt.?
2. What
2013 May 16
1
[PATCH] Fix compiler warning when libselinux is not present
static function selinux_warning() isn't used if HAVE_LIBSELINUX isn't
defined, which results in a warning.
---
src/launch-libvirt.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c
index 4588602..10a4d2c 100644
--- a/src/launch-libvirt.c
+++ b/src/launch-libvirt.c
@@ -138,7 +138,10 @@ static int make_drive_priv (guestfs_h *g, struct
2018 May 09
2
Re: Libvirt access control drivers
On Wed, May 09, 2018 at 10:00:19AM +0100, Daniel P. Berrangé wrote:
> On Wed, May 09, 2018 at 11:50:33AM +0300, Anastasiya Ruzhanskaya wrote:
> > Here https://libvirt.org/acl.html is stated that you designed this access
> > control system as pluggable. Are there any options ( even with modifying
> > libvirt code) to plug in any custom driver?
> > I just need to take a
2012 Aug 19
1
Fedora 18 / Rawhide switch over to using libvirt as the back end
Just a note [possibly more of a warning] that I'm intending to switch
the default backend in Fedora 18+ to libvirt this week. For more
information about what this means, see:
https://rwmj.wordpress.com/2012/07/23/new-in-libguestfs-use-libvirt-to-launch-the-appliance/#content
Barring any bugs, the change ought to be transparent. The reasons why
we're making this change in Fedora are:
2013 Feb 28
7
[PATCH 0/7] Fix SELinux security contexts so we can access shared disks (RHBZ#912499).
https://bugzilla.redhat.com/show_bug.cgi?id=912499
(especially comments 7 & 10)
This patch set is the final fix so that we can access disks in use by
other guests when SELinux and sVirt are enabled.
Previously such disks were inaccessible because sVirt labels the disks
with a random SELinux label to prevent other instances of qemu from
being able to read them. So naturally the libguestfs