[Bug 814680] New: libvirt needs --without-selinux
https://bugzilla.novell.com/show_bug.cgi?id=814680 https://bugzilla.novell.com/show_bug.cgi?id=814680#c0 Summary: libvirt needs --without-selinux Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: All OS/Version: openSUSE 12.3 Status: NEW Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: bwiedemann@suse.com QAContact: qa-bugs@suse.de CC: jfehlig@suse.com Found By: Development Blocker: --- I found that booting an image with libvirt/lxc fails if it contains a /selinux dir libvirtError: internal error guest failed to start: PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=57fb6949-227b-44d8-92ad-f5bb418a1dab LIBVIRT_LXC_UUID=57fb6949-227b-44d8-92ad-f5bb418a1dab LIBVIRT_LXC_NAME=instance-00000001 LIBVIRT_LXC_CMDLINE=console=ttyS0 /sbin/init\n2013-04-10 12:58:58.845+0000: 1: info : libvirt version: 1.0.2\n2013-04-10 12:58:58.845+0000: 1: error : lxcContainerMountBasicFS:571 : Failed to mount /selinux on /selinux type selinuxfs flags=e opts=(null): No such device I found that it helped to change the .spec file thus: -%define with_selinux 0%{!?_without_selinux:%{server_drivers}} +%define with_selinux 0 which causes configure to be called with --without-selinux which prevents it from putting /selinux onto the mount list in src/lxc/lxc_container.c -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=814680 https://bugzilla.novell.com/show_bug.cgi?id=814680#c1 James Fehlig <jfehlig@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO CC| |jdouglas@suse.com InfoProvider| |bwiedemann@suse.com --- Comment #1 from James Fehlig <jfehlig@suse.com> 2013-04-11 01:47:51 UTC --- (In reply to comment #0)
I found that booting an image with libvirt/lxc fails if it contains a /selinux dir
Why does this directory exist? Is selinux installed on the host? Can you just remove that directory, or set selinux to permissive? E.g, see this thread https://www.redhat.com/archives/libvir-list/2013-March/msg01500.html There's also a RH bugzilla on this issue, but we have the fix in our 12.3 libvirt package https://bugzilla.redhat.com/show_bug.cgi?id=857341
I found that it helped to change the .spec file thus:
-%define with_selinux 0%{!?_without_selinux:%{server_drivers}} +%define with_selinux 0
That disables all selinux support in libvirt, so is only a workaround and not a fix. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=814680 https://bugzilla.novell.com/show_bug.cgi?id=814680#c2 Bernhard Wiedemann <bwiedemann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|bwiedemann@suse.com | --- Comment #2 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-04-11 09:38:56 CEST --- The host is a normal openSUSE-12.3 VM supposedly without selinux support. the guest image is old http://openqa.suse.de/sle/img/euca-debian-5.0-i386.tar.gz it contains an empty and unused /selinux dir but this has been working fine with openstack+libvirt+lxc in 12.2 The linked thread suggests removing /selinux on the host, but in my case, only removing /selinux in the VM rootfs helped (because that is where it tries to mount) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=814680 https://bugzilla.novell.com/show_bug.cgi?id=814680#c Xiaolong Li <xlli@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |xlli@suse.com AssignedTo|bnc-team-screening@forge.pr |jfehlig@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=814680 https://bugzilla.novell.com/show_bug.cgi?id=814680#c3 Tomasz Paszkowski <tpaszkowski@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tpaszkowski@novell.com --- Comment #3 from Tomasz Paszkowski <tpaszkowski@novell.com> 2013-04-29 11:56:34 UTC --- I believe it's critical bug, as it makes openstack deployment with LXC and selinux turned off impossible (eg. openstack-quickstart script). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=814680 https://bugzilla.novell.com/show_bug.cgi?id=814680#c4 James Fehlig <jfehlig@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |bwiedemann@suse.com --- Comment #4 from James Fehlig <jfehlig@suse.com> 2013-05-20 21:01:12 UTC --- Can you try the packages I have queued for a 12.3 update http://download.opensuse.org/repositories/Virtualization:/openSUSE12.3/openS... -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=814680 https://bugzilla.novell.com/show_bug.cgi?id=814680#c6 Bernhard Wiedemann <bwiedemann@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|bwiedemann@suse.com | --- Comment #6 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-05-29 13:49:21 CEST --- tested libvirt from that repo and it seems to work will be good to have it in 12.3 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=814680 https://bugzilla.novell.com/show_bug.cgi?id=814680#c7 James Fehlig <jfehlig@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #7 from James Fehlig <jfehlig@suse.com> 2013-05-30 06:49:53 UTC --- I'll submit a maintenancerequest, which will include some other fixes for 12.3, in the next days. Thanks for testing it. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=814680 https://bugzilla.novell.com/show_bug.cgi?id=814680#c8 --- Comment #8 from James Fehlig <jfehlig@suse.com> 2013-06-04 16:31:49 UTC --- FYI, the fix has been released in openSUSE:12.3:Update now. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com