virt-ark / libvirt

Clone
Source Code
GIT

93a062c qemu: Copy SELinux labels for namespace too

Authored and Committed by mprivozn 7 years ago
raw patch tree parent
1 file changed. 63 lines added. 1 lines removed.
src/qemu/qemu_domain.c
file modified
+63 -1 
    qemu: Copy SELinux labels for namespace too
    
    When creating new /dev/* for qemu, we do chown() and copy ACLs to
    create the exact copy from the original /dev. I though that
    copying SELinux labels is not necessary as SELinux will chose the
    sane defaults. Surprisingly, it does not leaving namespace with
    the following labels:
    
    crw-rw-rw-. root root system_u:object_r:tmpfs_t:s0     random
    crw-------. root root system_u:object_r:tmpfs_t:s0     rtc0
    drwxrwxrwt. root root system_u:object_r:tmpfs_t:s0     shm
    crw-rw-rw-. root root system_u:object_r:tmpfs_t:s0     urandom
    
    As a result, domain is unable to start:
    
    error: internal error: process exited while connecting to monitor: Error in GnuTLS initialization: Failed to acquire random data.
    qemu-kvm: cannot initialize crypto: Unable to initialize GNUTLS library: Failed to acquire random data.
    
    The solution is to copy the SELinux labels as well.
    
    Reported-by: Andrea Bolognani <abologna@redhat.com>
    Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
file modified
+63 -1
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.