Re: [libvirt] [Qemu-devel] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-24 Thread Christoph Hellwig
On Fri, Mar 09, 2012 at 06:16:54PM +0100, Paolo Bonzini wrote: I'm wondering whether it's worth expanding the SELinux policy if we will have no fstatfs(2) callers in QEMU. Are you planning to drop the XFS code? Chris Wedgwood said that on XFS you want to do discard even if the file is

Re: [libvirt] [Qemu-devel] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-24 Thread Christoph Hellwig
On Fri, Mar 09, 2012 at 04:07:43PM +, Stefan Hajnoczi wrote: Paolo, your discard improvements in QEMU add FALLOC_FL_PUNCH_HOLE support. XFS supports this fallocate() flag in current kernels, thereby making the XFS-specific support obsolete. I'm wondering whether it's worth expanding the

[libvirt] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-09 Thread Stefan Hajnoczi
Hi, I have a question about the libvirt SELinux policy that can be applied to QEMU processes. Yesterday Laine helped Khoa and me diagnose an issue where QEMU was doing fstatfs(2) but SELinux prevented this FILESYSTEM__GETATTR operation, resulting in a failed syscall with -EACCES. The SELinux

Re: [libvirt] [Qemu-devel] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-09 Thread Jiri Denemark
Hi. On Fri, Mar 09, 2012 at 11:32:47 +, Stefan Hajnoczi wrote: ... static __inline__ int platform_test_xfs_fd(int fd) { struct statfs buf; if (fstatfs(fd, &buf) < 0) return 0; return (buf.f_type == 0x58465342); /* XFSB */ } In other words,

Re: [libvirt] [Qemu-devel] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-09 Thread Stefan Hajnoczi
On Fri, Mar 9, 2012 at 3:11 PM, Laine Stump la...@laine.org wrote: On 03/09/2012 09:16 AM, Jiri Denemark wrote: Hi. On Fri, Mar 09, 2012 at 11:32:47 +, Stefan Hajnoczi wrote: ... static __inline__ int platform_test_xfs_fd(int fd) {         struct statfs buf;         if (fstatfs(fd,

Re: [libvirt] [Qemu-devel] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-09 Thread Laine Stump
On 03/09/2012 09:16 AM, Jiri Denemark wrote: Hi. On Fri, Mar 09, 2012 at 11:32:47 +, Stefan Hajnoczi wrote: ... static __inline__ int platform_test_xfs_fd(int fd) { struct statfs buf; if (fstatfs(fd, &buf) < 0) return 0; return (buf.f_type ==

Re: [libvirt] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-09 Thread George Wilson
Subject QEMU fstatfs(2) and libvirt SELinux policy

Re: [libvirt] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-09 Thread Daniel P. Berrange
On Fri, Mar 09, 2012 at 11:32:47AM +, Stefan Hajnoczi wrote: Hi, I have a question about the libvirt SELinux policy that can be applied to QEMU processes. Yesterday Laine helped Khoa and me diagnose an issue where QEMU was doing fstatfs(2) but SELinux prevented this FILESYSTEM__GETATTR

Re: [libvirt] [Qemu-devel] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-09 Thread Stefan Hajnoczi
On Fri, Mar 9, 2012 at 3:11 PM, Laine Stump la...@laine.org wrote: On 03/09/2012 09:16 AM, Jiri Denemark wrote: Hi. On Fri, Mar 09, 2012 at 11:32:47 +, Stefan Hajnoczi wrote: ... static __inline__ int platform_test_xfs_fd(int fd) {         struct statfs buf;         if (fstatfs(fd,

Re: [libvirt] [Qemu-devel] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-09 Thread Paolo Bonzini
On 09/03/2012 17:07, Stefan Hajnoczi wrote: So am I correct that this extra permission is only needed for a single RHEL6 release? If qemu won't be doing fstatfs on an ongoing basis, it doesn't seem like a good idea to permanently open up the permissions allowed by virt_use_nfs Paolo,

Re: [libvirt] [Qemu-devel] QEMU fstatfs(2) and libvirt SELinux policy

2012-03-09 Thread Stefan Hajnoczi
On Fri, Mar 9, 2012 at 5:16 PM, Paolo Bonzini pbonz...@redhat.com wrote: On 09/03/2012 17:07, Stefan Hajnoczi wrote: So am I correct that this extra permission is only needed for a single RHEL6 release? If qemu won't be doing fstatfs on an ongoing basis, it doesn't seem like a good idea

Re: [libvirt] selinux

2009-03-04 Thread Daniel P. Berrange
On Tue, Mar 03, 2009 at 09:04:19PM +0100, Michael Kress wrote: Hi! What do I have to do to get qemu-kvm to run with selinux running with enforcing policy? [snip] I've tried to set the type: chcon -t virt_image_t a01.img but all I got was: chcon: failed to change context of `a01.img' to

[libvirt] selinux

2009-03-03 Thread Michael Kress
Hi! What do I have to do to get qemu-kvm to run with selinux running with enforcing policy? I get these messages when I enable this policy: Mar 3 20:56:23 matrix kernel: [ 8972.482746] device vnet0 entered promiscuous mode Mar 3 20:56:23 matrix kernel: [ 8972.898943] br0: port 2(vnet0) entering

Re: [libvirt] selinux

2009-03-03 Thread Dave Allan
Michael Kress wrote: Hi! What do I have to do to get qemu-kvm to run with selinux running with enforcing policy? I get these messages when I enable this policy: Mar 3 20:56:23 matrix kernel: [ 8972.482746] device vnet0 entered promiscuous mode Mar 3 20:56:23 matrix kernel: [ 8972.898943] br0:

Re: [libvirt] selinux

2009-03-03 Thread Michael Kress
Dave Allan wrote: Michael Kress wrote: I've tried to set the type: chcon -t virt_image_t a01.img but all I got was: chcon: failed to change context of `a01.img' to `system_u:object_r:virt_image_t:s0': Invalid argument The host is a debian 5.0 machine. That's the correct command to set the

[libvirt] SELinux SVirt/Qemu problems with current qemu design.

2009-01-13 Thread Daniel J Walsh
As I begin to work on the svirt lock down of the qemu process, I am seeing a disturbing problem. The qemu binaries are being used to both set up the guest image environment and then to run the guest image.