Hello again,

I did some digging lately and I see that libvirtd won't start due to a missing "/etc/selinux/default/contexts/lxc_contexts" file, which is provided by refpolicy in the latest Fedora with content as follows:

---------
process = "system_u:system_r:svirt_lxc_net_t:s0"
content = "system_u:object_r:virt_var_lib_t:s0"
file = "system_u:object_r:svirt_sandbox_file_t:s0"
sandbox_kvm_process = "system_u:system_r:svirt_qemu_net_t:s0"
sandbox_lxc_process = "system_u:system_r:svirt_lxc_net_t:s0"
---------

The current refpolicy in Debian does not provide the "svirt_sandbox_file_t" context, probably due to the missing libvirt-sandbox package.

// Fed's virt.te //
$ wc -l virt.te
1616 virt.te

// Debian's virt.te //
$ wc -l virt.te
1211 virt.te

The semodule virt would need to get updated - maybe SELinux master here? ;-)

With kind regards,
Mateusz

On Wed, Jan 15, 2014 at 1:01 AM, Mateusz Matuszkowiak <z...@mescanef.net> wrote:

> Hello,
>
> Trying to confirm that selinux driver is working on jessie but so far
> without luck:
>
> 2014-01-14 23:10:23.945+0000: 13996: info : libvirt version: 1.2.0
> 2014-01-14 23:10:23.945+0000: 13996: error : virSecurityDriverLookup:78 : unsupported configuration: Security driver selinux not enabled
> 2014-01-14 23:10:23.945+0000: 13996: error : lxcSecurityInit:1461 : Failed to initialize security drivers
> 2014-01-14 23:10:23.945+0000: 13996: error : virStateInitialize:854 : Initialization of LXC state driver failed: unsupported configuration: Security driver selinux not enabled
> 2014-01-14 23:10:23.946+0000: 13996: error : daemonRunStateInit:909 : Driver state initialization failed
>
> This is, to be exact, the latest '1.2.0-2' libvirt-bin package, and OFC
> selinux is enabled:
>
> SELinux status:                 enabled
> SELinuxfs mount:                /sys/fs/selinux
> SELinux root directory:         /etc/selinux
> Loaded policy name:             default
> Current mode:                   permissive
> Mode from config file:          permissive
> Policy MLS status:              enabled
> Policy deny_unknown status:     allowed
> Max kernel policy version:      28
>
> Even though compiling it manually from sources it ends up on missing
> selinux driver.
> I know that this case has been also pushed by Ivan Gooten
> to the libvirt mailing list, if interested:
> https://www.redhat.com/archives/libvirt-users/2014-January/msg00025.html
>
> WKR,
> Mateusz
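
An added example, not part of the original message and not code from libvirt or refpolicy: a small Python check that parses the lxc_contexts format quoted above and reports entries whose SELinux type a policy does not define. The policy type set is a constructed stand-in (on a real system it could be filled from `seinfo -t`), and the function names are hypothetical.

```python
import re

# Constructed sample: the lxc_contexts content quoted in the message.
SAMPLE_LXC_CONTEXTS = '''\
process = "system_u:system_r:svirt_lxc_net_t:s0"
content = "system_u:object_r:virt_var_lib_t:s0"
file = "system_u:object_r:svirt_sandbox_file_t:s0"
sandbox_kvm_process = "system_u:system_r:svirt_qemu_net_t:s0"
sandbox_lxc_process = "system_u:system_r:svirt_lxc_net_t:s0"
'''

# Constructed stand-in for the types a loaded policy defines;
# svirt_sandbox_file_t is left out on purpose to mirror the report.
SAMPLE_POLICY_TYPES = {"svirt_lxc_net_t", "virt_var_lib_t", "svirt_qemu_net_t"}

LINE_RE = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')


def parse_lxc_contexts(text):
    """Return {key: (user, role, type, level)}; raise ValueError on bad lines."""
    entries = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # skip blank lines
        match = LINE_RE.match(line)
        if not match:
            raise ValueError(f'line {lineno}: expected key = "context"')
        key, context = match.groups()
        # An MLS level can itself contain ':' (s0:c1,c2), so split at most 3 times.
        parts = context.split(":", 3)
        if len(parts) < 3 or not all(parts[:3]):
            raise ValueError(f"line {lineno}: context needs user:role:type")
        level = parts[3] if len(parts) == 4 else None
        entries[key] = (parts[0], parts[1], parts[2], level)
    return entries


def missing_types(entries, policy_types):
    """Map each key whose type the policy does not define to that type."""
    return {key: ctx[2] for key, ctx in entries.items() if ctx[2] not in policy_types}


if __name__ == "__main__":
    gaps = missing_types(parse_lxc_contexts(SAMPLE_LXC_CONTEXTS), SAMPLE_POLICY_TYPES)
    for key, type_name in sorted(gaps.items()):
        print(f"{key}: type {type_name} is not defined in the policy")
```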