Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
H
H
HeroFromEarth2016-12-19 15:17:53
linux
HeroFromEarth, 2016-12-19 15:17:53

How to create unix-channel in 'connect' source mode with SELinux enabled?

I have a domain on CentOS 6 with the following configuration:

.........................................................
<channel type='unix'>
  <source mode='bind' path='/var/lib/libvirt/qemu/vport0'/>
  <target type='virtio' name='vport0'/>
  <address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
<channel type='unix'>
  <source mode='connect' path='/var/lib/libvirt/qemu/vport0'/>
  <target type='virtio' name='vport0'/>
  <address type='virtio-serial' controller='0' bus='0' port='2'/>
</channel>
.........................................................

After running it with SELinux enabled, I see the following error:
error: Failed to start domain proxy-agent0
error: unable to set security context 'system_u:object_r:svirt_image_t:s0:c269,c347' on '/var/lib/libvirt/qemu/vport0': No such file or directory

With SELinux disabled, the problem is not observed, the domain starts without errors.
How to solve the problem besides disabling SELinux? Is there a way to force the creation of a virtual port right after reading an item in the config?
Let me emphasize one point: there are no errors when configuring with a channel only with source mode='bind'.
# ausearch -r -m VIRT_CONTROL -ts today
type=VIRT_CONTROL msg=audit(1482305847.172:2201): user pid=2430 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm="proxy-agent0" uuid=62bb1bc5-4e17-f67b-22a4-c14a487547e8 vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed'

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
H
HeroFromEarth, 2017-02-06
@HeroFromEarth

The answer to the question has been found.
In the domain config, you need to write the line:
At the same time, SELinux on the hypervisor does not check any files related to the domain, but the domain itself starts.

Report
D
Dmitry Aitkulov, 2016-12-20
@Scarfase1989

look here

Similar questions
C
chuhnevdan2021-04-13 09:38:42
Hello, I have a Django project, the task is the following, there is a csv file, it is necessary to create a table on the page based on it, what is the mistake? 2Reply
B
Bliss022021-05-03 18:53:48
How to remove selection from margin? 2Reply
E
ernestby2014-04-25 08:00:55
How to edit the list of installed axes at boot (Linux, Windows)? 5Reply
S
Silvatis2016-06-09 22:21:01
How to determine the allowable size limit of the connected hard drive? 3Reply
M
MiNiMoZg2014-04-26 21:42:57
Setting backlight on openSuse 13.1? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question