[Pkg-libvirt-maintainers] Bug#688179: Bug#688179: libvirt: Please enable selinux security driver

Guido Günther agx at sigxcpu.org
Thu Dec 26 21:04:07 UTC 2013 

On Thu, Dec 26, 2013 at 04:36:52PM +0100, Laurent Bigonville wrote:
> tag 688179 + patch
> thanks
> 
> Hi,
> 
> Please apply the attached patch.
> 
> I've just tested again and the VM's (using qemu) are starting properly
> and run in the expected context.

The main reason for not enabling this upfront was that it triggered buts
when selinux was not available. Did you by any chance test this as well?
Cheers,
 -- Guido

> 
> Cheers,
> 
> Laurent Bigonville

> diff -Nru libvirt-1.2.0/debian/control libvirt-1.2.0/debian/control
> --- libvirt-1.2.0/debian/control	2013-12-17 23:14:46.000000000 +0100
> +++ libvirt-1.2.0/debian/control	2013-12-26 16:33:45.000000000 +0100
> @@ -36,6 +36,7 @@
>   libnetcf-dev (>= 1:0.2.3-3~) [linux-any],
>   libsanlock-dev [linux-any],
>   libaudit-dev [linux-any],
> + libselinux1-dev (>= 2.0.82) [linux-any],
>   systemtap-sdt-dev [amd64 armel armhf i386 ia64 powerpc s390],
>  # for --with-storage-sheepdog
>   sheepdog [linux-any],
> @@ -88,6 +89,7 @@
>  Architecture: any
>  Depends: ${shlibs:Depends}, ${misc:Depends}
>  Recommends: lvm2 [linux-any]
> +Breaks: selinux-policy-default (<< 2:2.20131214-1~), selinux-policy-mls (<< 2:2.20131214-1~)
>  Description: library for interfacing with different virtualization systems
>   Libvirt is a C toolkit to interact with the virtualization capabilities
>   of recent versions of Linux (and other OSes). The library aims at providing
> diff -Nru libvirt-1.2.0/debian/rules libvirt-1.2.0/debian/rules
> --- libvirt-1.2.0/debian/rules	2013-12-17 23:14:46.000000000 +0100
> +++ libvirt-1.2.0/debian/rules	2013-12-26 15:56:00.000000000 +0100
> @@ -29,6 +29,7 @@
>    WITH_SANLOCK        = --with-sanlock
>    WITH_INIT_SCRIPT    =	--with-init-script=systemd
>    WITH_AUDIT          = --with-audit
> +  WITH_SELINUX        = --with-selinux --with-secdriver-selinux
>    ifneq (,$(findstring $(DEB_HOST_ARCH), amd64 armel armhf i386 ia64 powerpc s390))
>        WITH_DTRACE     = --with-dtrace
>    else
> @@ -61,6 +62,7 @@
>    WITH_NETCF          = --without-netcf
>    WITH_INIT_SCRIPT    =	--with-init-script=none
>    WITH_AUDIT          = --without-audit
> +  WITH_SELINUX        = --without-selinux
>    WITH_DTRACE         = --without-dtrace
>    WITH_XEN            = --without-xen
>    WITH_LIBXL          = --without-libxl
> @@ -88,7 +90,7 @@
>  	$(WITH_STORAGE_RBD)      \
>  	$(WITH_INIT_SCRIPT)      \
>  	$(WITH_NUMA)             \
> -	--without-selinux        \
> +	$(WITH_SELINUX)          \
>  	--without-esx		 \
>  	--without-phyp           \
>  	$(WITH_CAPNG)		 \

> _______________________________________________
> Pkg-libvirt-maintainers mailing list
> Pkg-libvirt-maintainers at lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers

More information about the Pkg-libvirt-maintainers mailing list