Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ... Multiple same specifications for /.*.
9:42 a.m.
On Mon, Mar 19, 2018 at 02:21:24PM +0000, Зиновик Игорь Анатольевич wrote:
> -----Original Message-----
> From: Richard W.M. Jones [mailto:rjones@redhat.com]
> Sent: Monday, March 19, 2018 3:27 PM
> To: Зиновик Игорь Анатольевич <ZinovikIA(a)nspk.ru>
> Cc: libguestfs(a)redhat.com
> Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ...
> Multiple same specifications for /.*.
>
> On Tue, Mar 06, 2018 at 09:31:33AM +0000, Зиновик Игорь Анатольевич
> wrote:
> > > Multiple same specifications for /.*.
> ...
> > > > setfiles:
> > > > /sysroot/etc/selinux/targeted/contexts/files/file_contexts:
> > > > Multiple
> > > same specifications for /.*.
>
> My idea for reproducing this was:
>
> (1) Download your file_contexts file.
>
> (2) virt-builder fedora-27 \
> --upload file_contexts:/etc/selinux/targeted/contexts/files/file_contexts \
> --selinux-relabel
>
>
> However I wasn't able to reproduce it (with
policycoreutils-2.7-15.fc29.x86_64).
> Also I don't see multiple ‘/.*’
> lines in the file_contexts file.
>
> So I don't know.
>
> But it's still my opinion that it is a bug in policycoreutils.
Thanks for investigation, Richard. Is it somehow possible to disable `setfiles'
invocation
during virt-v2v conversion run? E.g. via environment variable?
You can do --no-selinux-relabel, but that disables relabelling
completely, which may mean that your VM won't boot.
Have you tried making edits to the file_contexts file to work
out exactly which part setfiles is complaining about? That may
give some clues about a better workaround.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
4:22 a.m.
New subject: virt-v2v 1.38 fails to convert .vmx VM: setfiles ... Multiple same specifications for /.*.
С уважением,
Зиновик Игорь | ДИТ | вн. 1569 |
-----Original Message-----
From: Richard W.M. Jones [mailto:rjones@redhat.com]
Sent: Monday, March 19, 2018 5:42 PM
To: Зиновик Игорь Анатольевич <ZinovikIA(a)nspk.ru>
Cc: libguestfs(a)redhat.com
Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ...
Multiple same specifications for /.*.
On Mon, Mar 19, 2018 at 02:21:24PM +0000, Зиновик Игорь Анатольевич
wrote:
> > -----Original Message-----
> > From: Richard W.M. Jones [mailto:rjones@redhat.com]
> > Sent: Monday, March 19, 2018 3:27 PM
> > To: Зиновик Игорь Анатольевич <ZinovikIA(a)nspk.ru>
> > Cc: libguestfs(a)redhat.com
> > Subject: Re: [Libguestfs] virt-v2v 1.38 fails to convert .vmx VM: setfiles ...
> > Multiple same specifications for /.*.
> >
> > On Tue, Mar 06, 2018 at 09:31:33AM +0000, Зиновик Игорь Анатольевич
> > wrote:
> > > > Multiple same specifications for /.*.
> > ...
> > > > > setfiles:
> > > > > /sysroot/etc/selinux/targeted/contexts/files/file_contexts:
> > > > > Multiple
> > > > same specifications for /.*.
> >
> > My idea for reproducing this was:
> >
> > (1) Download your file_contexts file.
> >
> > (2) virt-builder fedora-27 \
> > --upload
file_contexts:/etc/selinux/targeted/contexts/files/file_contexts \
> > --selinux-relabel
> >
> >
> > However I wasn't able to reproduce it (with policycoreutils-2.7-
15.fc29.x86_64).
> > Also I don't see multiple ‘/.*’
> > lines in the file_contexts file.
> >
> > So I don't know.
> >
> > But it's still my opinion that it is a bug in policycoreutils.
>
> Thanks for investigation, Richard. Is it somehow possible to disable
> `setfiles' invocation during virt-v2v conversion run? E.g. via environment
variable?
You can do --no-selinux-relabel, but that disables relabelling completely, which
may mean that your VM won't boot.
My virt-v2v does not recognize --no-selinux-relabel option.
Have you tried making edits to the file_contexts file to work out
exactly which
part setfiles is complaining about? That may give some clues about a better
workaround.
I found the root cause - some of my CentOS 7.3 VMs has
/etc/selinux/targeted/contexts/files/file_contexts.pre (leftover?) which mimics
/etc/selinux/targeted/contexts/files/file_contexts:
$ sudo LIBGUESTFS_BACKEND=direct guestfish --ro -a vm-lbmgr01.vmdk -i head
/etc/selinux/targeted/contexts/files/file_contexts.pre
/.* system_u:object_r:default_t:s0
/[^/]+ -- system_u:object_r:etc_runtime_t:s0
/a?quota\.(user|group) -- system_u:object_r:quota_db_t:s0
/nsr(/.*)? system_u:object_r:var_t:s0
/sys(/.*)? system_u:object_r:sysfs_t:s0
/xen(/.*)? system_u:object_r:xen_image_t:s0
$ sudo LIBGUESTFS_BACKEND=direct guestfish --ro -a vm-lbmgr01.vmdk -i head
/etc/selinux/targeted/contexts/files/file_contexts
/.* system_u:object_r:default_t:s0
/[^/]+ -- system_u:object_r:etc_runtime_t:s0
/a?quota\.(user|group) -- system_u:object_r:quota_db_t:s0
/nsr(/.*)? system_u:object_r:var_t:s0
/sys(/.*)? system_u:object_r:sysfs_t:s0
/xen(/.*)? system_u:object_r:xen_image_t:s0
I moved file to file_contexts.pre to /root directory and successfully managed to convert
guest. rpm tool says that this does not belong to
any package. Maybe it is some kind of leftover after upgrade (7.2->7.3), just an
assumption from top of my head.
Настоящее сообщение, направленное по электронной почте, и любые вложения - это
корреспонденция, содержащая информацию, доступ к которой ограничен в соответствии с
законодательством Российской Федерации и которая предназначена только для использования
уполномоченными АО «НСПК» получателями сообщения (уполномоченными лицами). Если Вы не
являетесь уполномоченным лицом или Вам не известно, являетесь ли Вы таким уполномоченным
получателем сообщения от АО «НСПК», то уведомляем, что любое раскрытие, распространение
или копирование этого сообщения влечет за собой установленную законом ответственность.
Если Вы не являетесь уполномоченным получателем сообщения, просим Вас незамедлительно
информировать об этом отправителя и удалить полученное сообщение из системы. This e-mail
message together with any attachments hereto contains confidential information and is
intended for recipients authorized by NSPK only. Any disclosure, distribution or copying
of this message entails liability established by law. If you are not an authorized
recipient, please immediately inform the sender and delete this message from your
information system.
2427
days inactive
2428
days old
1 comments
2 participants
participants (2)
-
Richard W.M. Jones -
Зиновик Игорь Анатольевич