----- Original Message -----
From: "Eric Blake" <eblake(a)redhat.com>
To: "Nir Soffer" <nsoffer(a)redhat.com>, "Simone Tiraboschi"
<stirabos(a)redhat.com>
Cc: devel(a)ovirt.org
Sent: Wednesday, April 1, 2015 6:04:18 PM
Subject: Re: [ovirt-devel] SELinux issue with f20 libvirtd
On 04/01/2015 09:58 AM, Nir Soffer wrote:
>>
>> and /dev/vport2p1 seems to be badly labeled:
>> crw-rw----. ovirtagent ovirtagent system_u:object_r:virtio_device_t:s0 /dev/vport2p1
>>
>> I was using:
>> libvirt-daemon.x86_64 1.1.3.9-1.fc20 @updates
>> selinux-policy.noarch 3.12.1-197.fc20 @updates
>> selinux-policy-targeted.noarch 3.12.1-197.fc20 @updates
>>
>> The issue doesn't reproduce enabling virt-preview repo and using a fresher
>> libvirtd.
>>
>> Should I open a bug to have something back-ported on f20 libvirt or should we
>> explicitly require virt-preview repo for oVirt 3.5.2 as we are doing for
>> master?
>
> I think you should open a bug for libvirt and/or selinux. This is probably an
> selinux issue, but libvirt guys should be in the loop.
I'm not sure if there have been any libvirt patches between 1.1.3 and
1.2.9 that affect libvirt labeling, or if it is a selinux problem. But
if there was a libvirt patch, we can certainly backport it to F20 with a BZ.
Thanks,
it's probably a bit more complex:
I was running it in a nested environment, also using the oVirt guest agent on the VM
where I was deploying hosted-engine, and /dev/vport2p1 is used by the guest agent to
communicate with the physical host.
Not sure why, but I got a denial for /usr/sbin/ldconfig trying to access it, and this is
enough to prevent libvirtd from starting the engine VM.
I'm not sure, but I think that it's not reproducible on a physical environment.
I opened a bug to track it:
https://bugzilla.redhat.com/show_bug.cgi?id=1208138
> If the platform cannot provide a fix for fedora 20, we can require
> virt-preview.
>
> Adding Eric who can give a better answer.
>
> Nir
>
>
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org