Bug 852969 - VM installation fails with libvirt 0.10.0, "internal error security image label already defined for VM"
VM installation fails with libvirt 0.10.0, "internal error security image lab...
Status: CLOSED NEXTRELEASE
Product: Virtualization Tools
Classification: Community
Component: libvirt (Show other bugs)
unspecified
x86_64 Linux
unspecified Severity high
: ---
: ---
Assigned To: Libvirt Maintainers
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-30 02:58 EDT by santwana
Modified: 2012-08-30 05:20 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-30 05:20:16 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
XML file of the guest generated by virt-install (2.28 KB, text/xml)
2012-08-30 02:58 EDT, santwana
no flags Details

  None (edit)
Description santwana 2012-08-30 02:58:42 EDT
Created attachment 608054 [details]
XML file of the guest generated by virt-install

Description of problem:

While installing VM using latest libvirt (0.10.0), installation fails with the error, "ERROR internal error security image label already defined for VM"

Version-Release number of selected component (if applicable):

libvirt 0.10.0

How reproducible:
Always

Steps to Reproduce:
1. Start installation of guest using virt-install.
2. Installation fails with an error, "ERROR    internal error security image label already defined for VM".
3. Trying to start an already existing VM with libvirt 0.10.0 also fails.

virsh start rhel6.2
error: Failed to start domain rhel6.2
error: internal error security image label already defined for VM

  
Actual results:
Installation and virsh start <VM> fails.

Expected results:
Installation should succeed.

Additional info:
Comment 1 Alex Jia 2012-08-30 04:55:02 EDT
(In reply to comment #0)
> Steps to Reproduce:
> 1. Start installation of guest using virt-install.
> 2. Installation fails with an error, "ERROR    internal error security image
> label already defined for VM".
> 3. Trying to start an already existing VM with libvirt 0.10.0 also fails.
> 
> virsh start rhel6.2
> error: Failed to start domain rhel6.2
> error: internal error security image label already defined for VM


Yeah, we also met the same issue today.
Comment 2 Peter Krempa 2012-08-30 05:20:16 EDT
This issue has been fixed upstream with:

commit d0c0e79ac646462aaa815f81ad324a0d3ef12954
Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Thu Aug 30 01:37:01 2012 +0100

    Fix configuration of QEMU security drivers
    
    If no 'security_driver' config option was set, then the code
    just loaded the 'dac' security driver. This is a regression
    on previous behaviour, where we would probe for a possible
    security driver. ie default to SELinux if available.
    
    This changes things so that it 'security_driver' is not set,
    we once again do probing. For simplicity we also always
    create the stack driver, even if there is only one driver
    active.
    
    The desired semantics are:
    
     - security_driver not set
         -> probe for selinux/apparmour/nop
         -> auto-add DAC driver
     - security_driver set to a string
         -> add that one driver
         -> auto-add DAC driver
     - security_driver set to a list
         -> add all drivers in list
         -> auto-add DAC driver
    
    It is not allowed, or possible to specify 'dac' in the
    security_driver config param, since that is always
    enabled.
    
    Signed-off-by: Daniel P. Berrange <berrange@redhat.com>

Note You need to log in before you can comment on or make changes to this bug.