Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
I was installing libvirt in a clean environment without SELinux beeing installed.
Once I tried to start libvirt, it raised some errors about labels.
I had to install selinux-policy-targeted to fix this issue.
Version-Release number of selected component (if applicable):
RHEL 7.2 (CentOS)
How reproducible:
always
Steps to Reproduce:
1. Install libvirtd with i.e. rpm --root=…
2.
3.
Actual results:
libvirtd will not pull in selinux-policy-targeted
Expected results:
libvirtd should pull in selinux-policy-targeted
Additional info:
Libvirt can happily run without SELinux if configured so (security_driver = "none" in /etc/libvirt/qemu.conf) so making it a hard dependency would be wrong.
I do understand that libvirt can run without SELinux.
But fact is that the default configuration is expecting SELinux.
Thus IMHO libvirtd should either not require selinux by default in the configuration or oull in the selinux policy.
But teh current state is that if you install libvirtd then it will not work.
selinux-policy-targeted is installed even with the minimal installation, it is listed as a mandatory package in group "Core" (Smallest possible installation) which means it will be installed by default. So libvirt's default to use SELinux (if it is detected) works in the default installation. Creating a special environment requires treatment. And what if someone wanted to create a special installation with no SELinux policy installed? Adding a hard dependency on it in libvirt would make this impossible to achieve.
I tried below steps about the bug:
1. I installed with minmal installation for rhel7.3.
2. After installation finished, I removed the "selinux-policy-targeted" from the OS and checked /etc/libvirt/qemu.conf file . The configuration was comment as default. #security_driver = "selinux"
3. Then I installed qemu-kvm-rhev & libvirt rpms successfully.
4. After that, the libvirtd service can't be started and I tried to reboot system and the system can't be started up correctly. Error message " Failed to load SELinux policy, freezing" is printed out.
Is this situation acceptable?