Bug 902103
Summary: | "Cannot parse sensitivity level in s0" when launching nova instance | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Steve Baker <sbaker> | ||||
Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 18 | CC: | berrange, clalancette, crobinso, dallan, itamar, jforbes, jyang, laine, libvirt-maint, veillard, virt-maint | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | x86_64 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-04-11 23:30:45 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Steve Baker
2013-01-20 21:34:07 UTC
Created attachment 683900 [details]
libvirt xml which demonstrates problem
Please provide ps -axuZ | grep libvirtd and ls -lZ /usr/sbin/libvirtd # ps -axuZ | grep libvirtd system_u:system_r:kernel_t:s0 root 951 0.0 0.0 484324 1824 ? Ssl Jan21 0:00 /usr/sbin/libvirtd unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 root 18159 0.0 0.0 109180 884 pts/6 S+ 09:25 0:00 grep --color=auto libvirtd # ls -lZ /usr/sbin/libvirtd -rwxr-xr-x. root root system_u:object_r:virtd_exec_t:s0 /usr/sbin/libvirtd This is with svirt still disabled Hmm, I can't reproduce. That error message comes from libvirtd, trying to parse it's own selinux context. It throws that error if it doesn't find a colon in the context string. Steve, is this with all up to date packages? Do other VMs work? Is selinux in enforcing, permissive, or disabled? Also, please provide ps -axuZ | grep libvirtd again, but this time with svirt enabled, and after restarting libvirtd. With security_driver = "selinux" in /etc/libvirt/qemu.conf ps -axuZ | grep libvirtd system_u:system_r:kernel_t:s0 root 9438 0.2 0.1 1078160 5856 ? Ssl 13:27 0:00 /usr/sbin/libvirtd unconfined_u:system_r:abrt_helper_t:s0-s0:c0.c1023 steveb 15084 0.0 0.0 109180 884 pts/1 S+ 13:33 0:00 grep --color=auto libvirtd Steve, I think you can fix this locally by touch /.autorelabel reboot But we should find a way to not make this fail if running in permissive mode This series makes libvirt more robust at handling unexpected security labels, which should address this problem https://www.redhat.com/archives/libvir-list/2013-March/msg00684.html libvirt-0.10.2.4-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/libvirt-0.10.2.4-1.fc18 Package libvirt-0.10.2.4-1.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing libvirt-0.10.2.4-1.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2013-4691/libvirt-0.10.2.4-1.fc18 then log in and leave karma (feedback). libvirt-0.10.2.4-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. |