Debian Bug report logs - #736909
LXC selinux support not working

version graph

Package: selinux-policy-default; Maintainer for selinux-policy-default is Debian SELinux maintainers <[email protected]>; Source for selinux-policy-default is src:refpolicy (PTS, buildd, popcon).

Affects: libvirt-bin, libvirt

Reported by: Laurent Bigonville <[email protected]>

Date: Wed, 19 Sep 2012 22:54:02 UTC

Severity: important

Found in version refpolicy/2:2.20131214-1

Forwarded to [email protected]

Full log

🔗 View this message in rfc822 format

X-Loop: [email protected]
Subject: Bug#688179: libvirt: Please enable selinux security driver
Reply-To: Mateusz Matuszkowiak <[email protected]>, [email protected]
Resent-From: Mateusz Matuszkowiak <[email protected]>
Original-Sender: [email protected]
Resent-To: [email protected]
Resent-CC: Debian Libvirt Maintainers <[email protected]>
X-Loop: [email protected]
Resent-Date: Wed, 15 Jan 2014 00:03:02 +0000
Resent-Message-ID: <[email protected]>
Resent-Sender: [email protected]
X-Debian-PR-Message: followup 688179
X-Debian-PR-Package: src:libvirt
X-Debian-PR-Keywords: patch
X-Debian-PR-Source: libvirt
Received: via spool by [email protected] id=B688179.138974412328274
          (code B ref 688179); Wed, 15 Jan 2014 00:03:02 +0000
Received: (at 688179) by bugs.debian.org; 15 Jan 2014 00:02:03 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2-bugs.debian.org_2005_01_02
	(2011-06-06) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-2.3 required=4.0 tests=BAYES_00,DKIM_SIGNED,
	DKIM_VALID,FREEMAIL_FROM,HTML_MESSAGE,MULTALT,RCVD_IN_DNSWL_LOW,SPF_PASS,
	T_TO_NO_BRKTS_FREEMAIL autolearn=no version=3.3.2-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 23; hammy, 130; neutral, 40; spammy,
	3. spammytokens:0.987-1--H*F:U*zone, 0.945-+--H*c:alternative,
	0.871-+--Policy hammytokens:0.000-+--libvirt, 0.000-+--libvirtbin,
	0.000-+--libvirt-bin, 0.000-+--SELinux, 0.000-+--LXC
Received: from mail-pb0-f67.google.com ([209.85.160.67])
	by buxtehude.debian.org with esmtps (TLS1.0:RSA_ARCFOUR_SHA1:128)
	(Exim 4.80)
	(envelope-from <[email protected]>)
	id 1W3Dvn-0007Kx-0E
	for [email protected]; Wed, 15 Jan 2014 00:02:03 +0000
Received: by mail-pb0-f67.google.com with SMTP id uo5so207273pbc.6
        for <[email protected]>; Tue, 14 Jan 2014 16:01:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:sender:date:message-id:subject:from:to:content-type;
        bh=EWtdW1QCIACAMczqaSS0BXW6YzdSG9hr6vJ68cYFbWk=;
        b=fOi/6oatFziimO77mPVWlRh9LOHBfPXSVImluQ6UdBfp/J3e36B2ng7gkLQAbWTfl8
         xIHwKkX/1fQD9DX8+LSiljTr6mzVoMQ9b2tBGQuo/pmjzmVwRLY3FFczzI8R1a0hsn/P
         /OjtH5JOC3Pzmoykpor6f8ZSYkjvBwMqMEwQbCRXHFwCSPuaQHpV3AQHYCmAduOs5QWG
         8C4cdyoeE6f2wNcHt9HWH4tsEX8o7Z7Fsygt7brtnCqSXe1QN0t2/GtRZT5aQ0VzNHn6
         R3GVMOGhecMUvR1la5wdFaJJNOQ8imfTebtlWSooGKr9y9+3a32SzDCOWWLGeP9rzczt
         NzmQ==
MIME-Version: 1.0
X-Received: by 10.68.135.137 with SMTP id ps9mr4517610pbb.160.1389744116946;
 Tue, 14 Jan 2014 16:01:56 -0800 (PST)
Sender: [email protected]
Received: by 10.66.189.168 with HTTP; Tue, 14 Jan 2014 16:01:56 -0800 (PST)
Date: Wed, 15 Jan 2014 01:01:56 +0100
X-Google-Sender-Auth: 25bEvn9kq4jaBXaQGzfkHkdzako
Message-ID: <CADKfTWYXie4v8p3xavrPXaRBgpZCsJG8ZcU3+stQuZda=kP62g@mail.gmail.com>
From: Mateusz Matuszkowiak <[email protected]>
To: [email protected]
Content-Type: multipart/alternative; boundary=047d7b10cbcf6b5f2e04eff70413

[Message part 1 (text/plain, inline)]
Hello,

Trying to confirm that selinux driver is working on jessie but so far
without luck:

2014-01-14 23:10:23.945+0000: 13996: info : libvirt version: 1.2.0
2014-01-14 23:10:23.945+0000: 13996: error : virSecurityDriverLookup:78 :
unsupported configuration: Security driver selinux not enabled
2014-01-14 23:10:23.945+0000: 13996: error : lxcSecurityInit:1461 : Failed
to initialize security drivers
2014-01-14 23:10:23.945+0000: 13996: error : virStateInitialize:854 :
Initialization of LXC state driver failed: unsupported configuration:
Security driver selinux not enabled
2014-01-14 23:10:23.946+0000: 13996: error : daemonRunStateInit:909 :
Driver state initialization failed

This is, to be exact, the latest '1.2.0-2' libvirt-bin package, and OFC
selinux is enabled:

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             default
Current mode:                   permissive
Mode from config file:          permissive
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      28

Even though compilling it manually from sources it ends up on missing
selinux driver. I know that this case has been also pushed by Ivan Gooten
to the libvirt mailing list, if interested:
https://www.redhat.com/archives/libvirt-users/2014-January/msg00025.html

WKR,
Mateusz

[Message part 2 (text/html, inline)]

Send a report that this bug log contains spam.

Debian bug tracking system administrator <[email protected]>. Last modified: Thu May 15 15:35:05 2025; Machine Name: bembo

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU General Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.