'Re: [libvirt-users] libvirt-sandbox question.'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       libvirt-users
Subject:    Re: [libvirt-users] libvirt-sandbox question.
From:       "Daniel P. Berrange" <berrange () redhat ! com>
Date:       2014-01-29 15:13:35
Message-ID: 20140129151335.GR790 () redhat ! com
[Download RAW message or body]

On Wed, Jan 29, 2014 at 09:59:30AM -0500, Christopher Stone wrote:
> I hope this question isn't considered too off topic for this list, I am
> trying to reach the libvirt-sandbox developers, but I could not find a
> libvirt-sandbox specific mailing list, and it seemed to me that
> libvirt-sandbox was a part of libvirt itself.

Yes, libvirt-sandbox questions are welcome here

   http://sandbox.libvirt.org/communicate/

> Next, I try to use libvirt-sandbox, and I get the following error:
> [root@scwnet1 tests]# /usr/local/bin/virt-sandbox -c lxc:/// /bin/sh
> Unable to start sandbox: Failed to create domain: unsupported
> configuration: Unable to find security driver for label selinux

Ok, so libvirt either hasn't compiled selinux, or has failed to
activate it

> configure:71252: Security Drivers
> configure:71254:
> configure:71256:  SELinux: yes (/sys/fs/selinux)
> configure:71258: AppArmor: no (install profiles: no)

That confirms you've got basic SELinux support compiled, but it
doesn't mean that's enough to enable it for LXC. We also have
a check for the selinux_lxc_contexts_path function in libselinux.so

> My libvirt capabilites shows this:
> [root@scwnet1 tests]# virsh -c lxc:/// capabilities
> <capabilities>
>     <secmodel>
>       <model>none</model>
>       <doi>0</doi>
>     </secmodel>
>   </host>

> </capabilities>
> 
> 
> 
> I am not sure if secmodel none is the problem.

Yes, that confirms that it definitely isn't available for LXC


I think you'd probably need to upgrade the libselinux library
and selinux policy too I'm afraid.

FWIW, I've never really intended that libvirt-sandbox work on
RHEL-6, since as you've discovered quite a few dependancies
are too old and require updating. I've only targetted Fedora
and forthcoming RHEL-7

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic