+++ This bug was initially created as a clone of Bug #733996 +++ Created attachment 520296 [details] full debug info Description of problem: can set relabel option for security driver setting when install vm. Version-Release number of selected component (if applicable): python-virtinst-0.600.0-2.el6.noarch libvirt-0.9.4-5.el6 virt-manager-0.9.0-5.el6 How reproducible: always Steps to Reproduce: 1.install a vm with static security settings. 1.# virt-install -n demo -r 1024 -f /var/lib/libvirt/images/test.img -s 5 --security type=static,label='system_u:system_r:svirt_t:s0:c100,c200' -c /dev/cdrom --debug ......... Mon, 29 Aug 2011 02:03:29 ERROR internal error Process exited while reading console log output: char device redirected to /dev/pts/8 qemu-kvm: -drive file=/var/lib/libvirt/images/demo.img,if=none,id=drive-ide0-0-0,format=raw,cache=none: could not open disk image /var/lib/libvirt/images/demo.img: Permission denied Mon, 29 Aug 2011 02:03:29 DEBUG Traceback (most recent call last): File "/usr/sbin/virt-install", line 620, in start_install noboot=options.noreboot) File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1223, in start_install noboot) File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 1291, in _create_guest dom = self.conn.createLinux(start_xml or final_xml, 0) File "/usr/lib64/python2.6/site-packages/libvirt.py", line 1966, in createLinux if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self) libvirtError: internal error Process exited while reading console log output: char device redirected to /dev/pts/8 qemu-kvm: -drive file=/var/lib/libvirt/images/demo.img,if=none,id=drive-ide0-0-0,format=raw,cache=none: could not open disk image /var/lib/libvirt/images/demo.img: Permission denied install will failed with Permission denied. if have an existing image file,with correctly security label,the install will successful.mention in bug:https://bugzilla.redhat.com/show_bug.cgi?id=698085#c9 for libvirt ,there have a new attribute "relabel=yes",refer to http://libvirt.org/formatdomain.html#seclabel so, customer need setting static security label without having an existing image file when install a new vm. like command line: # virt-install -n demo -r 1024 -f /var/lib/libvirt/images/test.img -s 5 --security type=static,relable=yes,label='system_u:system_r:svirt_t:s0:c100,c200' -c /dev/cdrom --debug Actual results: see Steps to Reproduce Expected results: should install vm successful with static security label if not have existing image file. Additional info:
While using relable=true by default is definitely more user friendly, manual labelling isn't a commonly used feature so not that urgent. And given reduced capacity for virt-manager/virtinst, just moving this to the upstream tracker.
Making this change is a bit of a pain. Given that I think very few people depend on static labelling, and libvirt doesn't default to relabel=yes, I don't want to change this in virt-install. Closing as WONTFIX