Bug 995897

Summary: fail to start lxc domain with disabled selinux
Product: Red Hat Enterprise Linux 6
Reporter: fly-away <flyaaway>
Component: libvirt
Assignee: Libvirt Maintainers <libvirt-maint>
Status: CLOSED DUPLICATE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: high
Priority: unspecified
Version: 6.4
CC: acathrow, ajia, dallan, dyuan, ernest.beinrohr, lsu
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2013-08-13 13:43:11 UTC
Type: Bug

Description fly-away 2013-08-11 22:39:07 UTC
Description of problem:
Fail to start LXC guest with disabled selinux

Version-Release number of selected component (if applicable):
kernel 2.6.32-358.14.1.el6.x86_64
libvirt-0.10.2-18.el6_4.9.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Set in /etc/sysconfig/selinux
    SELINUX=disabled
   reboot the system

2. Define a LXC guest
# cat toy.xml
<domain type='lxc'>
  <name>toy</name>
  <uuid>386f5b25-43ee-9d62-4ce2-62c3809e47c1</uuid>
  <memory>500000</memory>
  <currentMemory>500000</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/bin/sh</init>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/libexec/libvirt_lxc</emulator>
    <console type='pty'>
      <target port='0'/>
    </console>
  </devices>
</domain>

# virsh -c lxc:/// define toy.xml
Domain toy defined from toy.xml


3. Start the LXC guest
# virsh -c lxc:/// start toy
error: Failed to start domain toy
error: internal error guest failed to start: PATH=/bin:/sbin TERM=linux container=lxc-libvirt container_uuid=386f5b25-43ee-9d62-4ce2-62c3809e47c1 LIBVIRT_LXC_UUID=386f5b25-43ee-9d62-4ce2-62c3809e47c1 LIBVIRT_LXC_NAME=toy /bin/sh
2013-08-11 22:23:30.790+0000: 1: info : libvirt version: 0.10.2, package: 18.el6_4.9 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2012-09-13-00:00:13, x86-009.build.bos.redhat.com)
2013-08-11 22:23:30.790+0000: 1: error : lxcContainerMountBasicFS:561 : Failed to mount /selinux on /selinux type selinuxfs flags=e opts=(null): No such device
2013-08-11 22:23:30.790+0000: 26762: info : libvirt version: 0.10.2, package: 18.el6_4.9 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2012-09-13-00:00:13, x86-009.build.bos.redhat.com)
2013-08-11 22:23:30.790+0000: 26762: error : virLXCControllerRun:1408 : error receiving signal from container: Input/output error


Actual results:
Fail to start

Expected results:


Additional info:
Also tried setting
   security_driver = "none"
in /etc/libvirt/lxc.conf,
without any success.

Comment 4 Dave Allan 2013-08-13 13:43:11 UTC
One of my colleagues pointed out that this is a known bug.  It will be fixed shortly.

*** This bug has been marked as a duplicate of bug 915485 ***

Comment 5 Dave Allan 2013-08-13 13:46:52 UTC
I apologize that 915485 is not public, but it's currently ON_QE.

Comment 6 ernest.beinrohr 2014-05-05 11:02:38 UTC
Just a note: switching from disabled to "permissive" allowed libvirt to start the lxc container.
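
A preflight check for the condition in this report, as an added example that is not part of the bug thread or of libvirt: it tests whether the kernel has `selinuxfs` registered (the mount in the log above fails with "No such device" when it is not) and recognises the failure signature in a libvirt log. The function names and verdict strings are assumptions of this sketch; the default paths are the standard `/proc/filesystems` and the `/etc/sysconfig/selinux` file named in the reproduction steps.

```shell
#!/bin/sh
# Added example, not libvirt code. Function names and verdict strings are
# assumptions of this sketch.

# Succeeds if selinuxfs is a registered filesystem type.
# $1: file in /proc/filesystems format (default: /proc/filesystems)
selinuxfs_registered() {
    awk '$NF == "selinuxfs" { found = 1 } END { exit !found }' \
        "${1:-/proc/filesystems}" 2>/dev/null
}

# Prints the configured SELINUX= mode (last uncommented assignment wins).
# Comment lines and SELINUXTYPE= are ignored.
# $1: config path (default: /etc/sysconfig/selinux, as in the report)
selinux_config_mode() {
    sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*/\1/p' \
        "${1:-/etc/sysconfig/selinux}" 2>/dev/null | tail -n 1
}

# Succeeds if a libvirt log contains this report's failure signature.
# $1: path to the log file
log_shows_selinuxfs_failure() {
    grep -q 'lxcContainerMountBasicFS.*Failed to mount /selinux .*type selinuxfs.*No such device' "$1"
}

# Prints one verdict line and returns 0 (ok) or 1 (at-risk).
#   ok       selinuxfs is registered, so the /selinux mount can succeed
#   at-risk  selinuxfs is absent, so the mount fails with "No such device"
# $1: filesystems file, $2: SELinux config file (both optional)
lxc_selinux_preflight() {
    fs_file="${1:-/proc/filesystems}"
    cfg_file="${2:-/etc/sysconfig/selinux}"
    mode=$(selinux_config_mode "$cfg_file")
    if selinuxfs_registered "$fs_file"; then
        echo "ok: selinuxfs registered (configured mode: ${mode:-unknown})"
        return 0
    fi
    echo "at-risk: selinuxfs not registered (configured mode: ${mode:-unknown})"
    return 1
}

# Usage on a host: lxc_selinux_preflight
```

The check reads the kernel's registered filesystem list rather than trusting the config file alone, because a changed `SELINUX=` value only takes effect after the reboot mentioned in step 1.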