Created attachment 608054 [details] XML file of the guest generated by virt-install Description of problem: While installing VM using latest libvirt (0.10.0), installation fails with the error, "ERROR internal error security image label already defined for VM" Version-Release number of selected component (if applicable): libvirt 0.10.0 How reproducible: Always Steps to Reproduce: 1. Start installation of guest using virt-install. 2. Installation fails with an error, "ERROR internal error security image label already defined for VM". 3. Trying to start an already existing VM with libvirt 0.10.0 also fails. virsh start rhel6.2 error: Failed to start domain rhel6.2 error: internal error security image label already defined for VM Actual results: Installation and virsh start <VM> fails. Expected results: Installation should succeed. Additional info:
(In reply to comment #0) > Steps to Reproduce: > 1. Start installation of guest using virt-install. > 2. Installation fails with an error, "ERROR internal error security image > label already defined for VM". > 3. Trying to start an already existing VM with libvirt 0.10.0 also fails. > > virsh start rhel6.2 > error: Failed to start domain rhel6.2 > error: internal error security image label already defined for VM Yeah, we also met the same issue today.
This issue has been fixed upstream with: commit d0c0e79ac646462aaa815f81ad324a0d3ef12954 Author: Daniel P. Berrange <berrange> Date: Thu Aug 30 01:37:01 2012 +0100 Fix configuration of QEMU security drivers If no 'security_driver' config option was set, then the code just loaded the 'dac' security driver. This is a regression on previous behaviour, where we would probe for a possible security driver. ie default to SELinux if available. This changes things so that it 'security_driver' is not set, we once again do probing. For simplicity we also always create the stack driver, even if there is only one driver active. The desired semantics are: - security_driver not set -> probe for selinux/apparmour/nop -> auto-add DAC driver - security_driver set to a string -> add that one driver -> auto-add DAC driver - security_driver set to a list -> add all drivers in list -> auto-add DAC driver It is not allowed, or possible to specify 'dac' in the security_driver config param, since that is always enabled. Signed-off-by: Daniel P. Berrange <berrange>