Bug 862812 - libvirtError: internal error Cannot parse sensitivity level in SystemLow-SystemHigh
libvirtError: internal error Cannot parse sensitivity level in SystemLow-Syst...
Product: Virtualization Tools
Classification: Community
Component: libvirt (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Libvirt Maintainers
Depends On:
  Show dependency treegraph
Reported: 2012-10-03 11:25 EDT by Laurent Bigonville
Modified: 2013-01-03 18:37 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2013-01-03 18:37:29 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Use getcon_raw (434 bytes, patch)
2012-10-04 11:35 EDT, Laurent Bigonville
no flags Details | Diff

  None (edit)
Description Laurent Bigonville 2012-10-03 11:25:47 EDT

Description of problem:
I'm currently helping trying to improuve selinux support in Debian.

When mcstrans daemon is NOT running, I can start VM and they seem labeled properly. But if mcstrans daemon is running I get a traceback.

Version-Release number of selected component (if applicable):
Libvirt 0.10.1
Git HEAD of the refpolicy

How reproducible:
Only if mcstrans daemon is running

Steps to Reproduce:
1. Run Debian unstable (with libvirt form experimental recompiled with selinux support)
2. Run SELinux (in permissive mode) with the git head of the refpolicy and mcstrans daemon started.
3. Try to start a VM using libvirt
Actual results:

I get the following error:

Erreur lors du démarrage du domaine: internal error Cannot parse sensitivity level in SystemLow-SystemHigh

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 96, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 117, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1090, in startup
  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 620, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error Cannot parse sensitivity level in SystemLow-SystemHigh

Expected results:

The VM start like when mcstrans is not running

Additional info:

I can reproduce this using both qemu:///session and qemu:///system, but for some reasons, when connected on the system instance, virt-manager is showing be that the DAC security module is used (but shows a selinux label bellow...)

I think that to be able to fix this bug, the calls to getpidcon(), getfilecon(),... should be changed to their _raw() counterpart.
Comment 1 Laurent Bigonville 2012-10-04 11:35:54 EDT
Created attachment 621701 [details]
Use getcon_raw

This patch seems to fix the issue for me.

Maybe the other calls to get*con() where the result is not presented to the user could also be converted to their _raw() variant
Comment 2 Laurent Bigonville 2013-01-03 18:37:29 EST

This has been fixed in the commit 9674f2c637114fa6ac0680fe5658a41a62bb34a8

which is part of 1.0.1 release

Note You need to log in before you can comment on or make changes to this bug.