852969 – VM installation fails with libvirt 0.10.0, "internal error security image label already defined for VM"

Bug 852969 - VM installation fails with libvirt 0.10.0, "internal error security image label already defined for VM"

Summary: VM installation fails with libvirt 0.10.0, "internal error security image lab...

Keywords:
Status:	CLOSED NEXTRELEASE
Alias:	None
Product:	Virtualization Tools
Classification:	Community
Component:	libvirt
Sub Component:
Version:	unspecified
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	high
Target Milestone:	---
Assignee:	Libvirt Maintainers
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-08-30 06:58 UTC by santwana
Modified:	2012-08-30 09:20 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2012-08-30 09:20:16 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
XML file of the guest generated by virt-install (2.28 KB, text/xml) 2012-08-30 06:58 UTC, santwana	no flags	Details
View All

Description santwana 2012-08-30 06:58:42 UTC

Created attachment 608054 [details]
XML file of the guest generated by virt-install

Description of problem:

While installing VM using latest libvirt (0.10.0), installation fails with the error, "ERROR internal error security image label already defined for VM"

Version-Release number of selected component (if applicable):

libvirt 0.10.0

How reproducible:
Always

Steps to Reproduce:
1. Start installation of guest using virt-install.
2. Installation fails with an error, "ERROR    internal error security image label already defined for VM".
3. Trying to start an already existing VM with libvirt 0.10.0 also fails.

virsh start rhel6.2
error: Failed to start domain rhel6.2
error: internal error security image label already defined for VM

  
Actual results:
Installation and virsh start <VM> fails.

Expected results:
Installation should succeed.

Additional info:

Comment 1 Alex Jia 2012-08-30 08:55:02 UTC

(In reply to comment #0)
> Steps to Reproduce:
> 1. Start installation of guest using virt-install.
> 2. Installation fails with an error, "ERROR    internal error security image
> label already defined for VM".
> 3. Trying to start an already existing VM with libvirt 0.10.0 also fails.
> 
> virsh start rhel6.2
> error: Failed to start domain rhel6.2
> error: internal error security image label already defined for VM


Yeah, we also met the same issue today.

Comment 2 Peter Krempa 2012-08-30 09:20:16 UTC

This issue has been fixed upstream with:

commit d0c0e79ac646462aaa815f81ad324a0d3ef12954
Author: Daniel P. Berrange <berrange>
Date:   Thu Aug 30 01:37:01 2012 +0100

    Fix configuration of QEMU security drivers
    
    If no 'security_driver' config option was set, then the code
    just loaded the 'dac' security driver. This is a regression
    on previous behaviour, where we would probe for a possible
    security driver. ie default to SELinux if available.
    
    This changes things so that it 'security_driver' is not set,
    we once again do probing. For simplicity we also always
    create the stack driver, even if there is only one driver
    active.
    
    The desired semantics are:
    
     - security_driver not set
         -> probe for selinux/apparmour/nop
         -> auto-add DAC driver
     - security_driver set to a string
         -> add that one driver
         -> auto-add DAC driver
     - security_driver set to a list
         -> add all drivers in list
         -> auto-add DAC driver
    
    It is not allowed, or possible to specify 'dac' in the
    security_driver config param, since that is always
    enabled.
    
    Signed-off-by: Daniel P. Berrange <berrange>

Note You need to log in before you can comment on or make changes to this bug.