similar to: libvirt, selinux, moving images to ~/images does not work

Hi! I am trying to setup a guest using virt-install script: /usr/bin/virt-install -n fc18guest5 -r 1024 \ --disk path=/home/aik/virtimg/fc18guest,size=8 \ -c /home/aik/virtimg/Fedora-18-ppc64-DVD.iso \ --video vga --arch=ppc64 -d --machine=pseries And it fails. I could not find any relevant log in /var/log/libvirt/ so I simply hacked /usr/local/bin/qemu-system-ppc64 to print all the

Hi! I am trying to run tap networking with libvirtd. My test system is Fedora18/ppc64, libvirt 1.0.4 (compiled from git and installed). On another system with Fedora17/ppc64 with the same settings, dnsmasq is running. All configs in /etc/libvirt/ are default and not changed, the only exception is /etc/libvirt/qemu/networks/default.xml which I copied from Fedora17/ppc64 setup. What does

While svirt_t can be used for sockets it does not always guarantee that it will be accessible from a virtual machine. The VM might be running under svirt_tcg_t context which will need a svirt_tcg_t label on the socket in order to access it. There is, however, another label, svirt_socket_t, which is accessible from virt_domain: # sesearch -A -s svirt_t -c unix_stream_socket -p connectto ...

how do i check the mode of my system used, and how do i change it?how do i check whether to install the acpid?thanks. > From: libvirt-users-request at redhat.com > Subject: libvirt-users Digest, Vol 40, Issue 26 > To: libvirt-users at redhat.com > Date: Thu, 11 Apr 2013 07:34:17 -0400 > > Send libvirt-users mailing list submissions to > libvirt-users at redhat.com > >

I recently began getting periodic emails from SEalert that SELinux is preventing /usr/libexec/qemu-kvm "getattr" access from the directory I store all my virtual machines for KVM. All VMs are stored under /vmstore , which is it's own mount point, and every file and folder under /vmstore currently has the correct context that was set by doing the following: semanage fcontext -a -t

Libvirt doesn't care about security during hot add disk images. It even accepts addition of disk images of other guest running on the host. Steps followed to create this scenario : Started two VMs with following security configurations: vm1: <seclabel type='dynamic' model='selinux' relabel='yes'>

Following the most recent kernel updates I restarted our outgoing SMTP MTA which was recently reconfigured to DKIM sign messages using OpenDKIM. This morning I discovered that Postfix had stopped on that server. Whether it is related to the Postfix issue or not is yet to be determined but, in the process of getting things restarted I ran across this error with Open DKIM: # service opendkim

Daniel P. Berrangé <berrange@redhat.com> writes: > On Thu, Jul 02, 2020 at 01:21:15PM +0200, Milan Zamazal wrote: >> Hi, >> > >> I've met two situations with NVDIMM support in libvirt where I'm not >> sure all the parties (libvirt & I) do the things correctly. >> >> The first problem is with memory alignment and size changes. In

On Mon, May 27, 2019 at 01:30:05PM +0200, Martin Kletzander wrote: > While svirt_t can be used for sockets it does not always guarantee that it will > be accessible from a virtual machine. The VM might be running under svirt_tcg_t > context which will need a svirt_tcg_t label on the socket in order to access it. I don't really know enough about SELinux or the sVirt policy to comment

Milan Zamazal <mzamazal@redhat.com> writes: > Daniel P. Berrangé <berrange@redhat.com> writes: > >> On Thu, Jul 02, 2020 at 01:21:15PM +0200, Milan Zamazal wrote: >>> The second problem is that a VM fails to start with a backing NVDIMM in >>> devdax mode due to SELinux preventing access to the /dev/dax* device (it >>> doesn't happen with any

I've just encountered a problem starting tor. When I do 'systemctl start tor' it fails and I get selinux errors in the log. There was suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. Which I did and it gave the following type=PROCTITLE msg=audit(1539540150.692:60570): proctitle=2F7573722F62696E2F746F72002D2D72756E61736461656D6F6E0030002D2

I'm experimenting with tor hidden services and got it to work nicely on my Centos7, with tor from epel. That is, until I booted the machine. Then SELinux kicked in and in the logs there's? [warn] Directory /var/lib/tor/hidden_service/ cannot be read: Permission denied The permissions are drwx------.??2 toranon toranon????4096 Jan 28 23:39 hidden_service And SELinux gives the following

?Hi, ?I've installed libvirt-0.9.13 on RHEL6.2 from the source code. I cannot make sVirt working with LXC. (sVirt works well with KVM, though.) I can start an LXC instance, but the label of the process is not right. Can someone help me? I tried to change /etc/libvirtd/lxc.conf file to explicitly enable security_driver = "selinux". But it ends up with error saying "error :

On Tue, Jul 14, 2020 at 6:03 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > On Tue, Jul 14, 2020 at 04:02:17PM +0300, Ram Lavi wrote: > > On Tue, Jul 14, 2020 at 3:33 PM Daniel P. Berrangé <berrange@redhat.com> > > wrote: > > > > > On Tue, Jul 14, 2020 at 03:21:17PM +0300, Ram Lavi wrote: > > > > Hello all, > > > > > >

Hi Team, I am writing a new device in QEMU, which opens and reads from Netlink socket from the hypervisor. I need this Netlink socket to support migration of connection tracking entries during VM Live migration. If I am using QEMU command directly to launch the VM, then any operation on Netlink socket works fine. But, If I am using libvirt to create the VM and attaching the device, then I am

On Sun, 2013-07-21 at 13:49 -0400, Andrew Cathrow wrote: > ----- Original Message ----- > > > From: "Dean Hunter" <deanhunter@comcast.net> > > To: libvirt-users@redhat.com > > Sent: Sunday, July 21, 2013 1:41:16 PM > > Subject: [libvirt-users] Clipboard > > > I am unable to cut and paste between a Fedora 19 host and a Fedora 19 > >

On Sun, 2018-10-14 at 20:13 +0200, Robin Lee wrote: > I've just encountered a problem starting tor. When I do 'systemctl > start tor' it fails and I get selinux errors in the log. There was > suggestion to do full auditing with 'auditctl -w /etc/shadow -p w'. > Which I did and it gave the following > > type=PROCTITLE msg=audit(1539540150.692:60570): >

On Fri, 2008-08-01 at 03:37 -0700, shorewall-users-request@lists.sourceforge.net wrote: > Re: How to block forwarding by port 25? (John Morris) Thanks, that helped to find out the infected pc in private network, also to stop sending spam without our knowledge. is there a good tutorial how to block p2p sharing and messengers with shorewall? i read some topics and posts in forums, but

Is there a way to dinamically know on which network interface domU sees the Vif Dom0 "gives" to them. Ex: on Dom0: Vifname: vif111.0 on DomU: vif111.0 on network interface : eth0 Best Regards, Diego Dias _______________________________________________ Xen-users mailing list Xen-users@lists.xensource.com http://lists.xensource.com/xen-users

I am using a standard Centos 5.4 setup, with kernel-xen-2.6.18-164.15.1.el5 and xen 3.1.2-164.11.1.el5. I have just succeed in migrating an existing XP to this setup and installed successfully gplpv 0.11.0.213. On an other 2003 VM, I am using 0.10.0.134 since several months without any problem. Looking at http://www.meadowcourt.org/downloads/, it seams there is a lot of version in that