----- Original Message -----
> From: "Eric Blake" <[email protected]>
> To: "Nir Soffer" <[email protected]>, "Simone Tiraboschi" <[email protected]>
> Cc: [email protected]
> Sent: Wednesday, April 1, 2015 6:04:18 PM
> Subject: Re: [ovirt-devel] SELinux issue with f20 libvirtd
>
> On 04/01/2015 09:58 AM, Nir Soffer wrote:
>
> >>
> >> and /dev/vport2p1 seems to be badly labeled:
> >> crw-rw----. ovirtagent ovirtagent system_u:object_r:virtio_device_t:s0 /dev/vport2p1
> >>
> >> I was using:
> >> libvirt-daemon.x86_64 1.1.3.9-1.fc20 @updates
> >> selinux-policy.noarch 3.12.1-197.fc20 @updates
> >> selinux-policy-targeted.noarch 3.12.1-197.fc20 @updates
> >>
> >> The issue doesn't reproduce enabling virt-preview repo and using a fresher
> >> libvirtd.
> >>
> >> Should I open a bug to have something back-ported on f20 libvirt or should we
> >> explicitly require virt-preview repo for oVirt 3.5.2 as we are doing for
> >> master?
> >
> > I think you should open a bug for libvirt and/or selinux. This is probably an
> > selinux issue, but libvirt guys should be in the loop.
>
> I'm not sure if there have been any libvirt patches between 1.1.3 and
> 1.2.9 that affect libvirt labeling, or if it is a selinux problem. But
> if there was a libvirt patch, we can certainly backport it to F20 with a BZ.

Thanks, it's probably a bit more complex: I was running it in a nested
environment, also using the oVirt guest agent on the VM where I was deploying
hosted-engine, and /dev/vport2p1 is used by the guest agent to communicate
with the physical host.
Not sure why, but I got a denial for /usr/sbin/ldconfig trying to access it,
and this is enough to prevent libvirtd from starting the engine VM.
I'm not sure, but I think that it's not reproducible on a physical environment.

I opened a bug to track it:
https://bugzilla.redhat.com/show_bug.cgi?id=1208138

> > If the platform cannot provide a fix for fedora 20, we can require
> > virt-preview.
> >
> > Adding Eric who can give a better answer.
> >
> > Nir
> >
>
> --
> Eric Blake eblake redhat com +1-919-301-3266
> Libvirt virtualization library http://libvirt.org
