<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 09/22/2013 12:46 AM, yue wrote:<br>
</div>
<blockquote
cite="mid:a6f5372.1000a.14143fdce50.Coremail.libvirt@163.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:arial">
<div>hi,all</div>
<div>when 'virsh start testname-1' failed, but i can start it
throught commandline which is copy from libvirtd.log.</div>
</div>
</blockquote>
<br>
When you run qemu from the shell, you are running it as root. When
libvirt runs qemu, it is running it as the user/group that is given
in /etc/libvirt/qemu.conf. Generally that user/group is *not* root,
but some other account that has drastically reduced privileges.<br>
<br>
<blockquote
cite="mid:a6f5372.1000a.14143fdce50.Coremail.libvirt@163.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:arial">
<div>selinux is disabled now. </div>
<div>----------------</div>
<div>libvirtError: internal error Process exited while reading
console log output: char device redirected to /dev/pts/3<br>
qemu-kvm: -drive
file=/rhev/data-center/7828f2ae-955e-4e4b-a4bb-43807629dc52/d028d521-d4a9-4dd7-a0fe-3e9b60e7c4e4/images/ac025dc1-4e25-4b71-8c56-88dcb61b9f09/c1bfddb4-3562-4893-9df8-3f3239b277a9,if=none,id=drive-ide0-0-0,format=qcow2,serial=ac025dc1-4e25-4b71-8c56-88dcb61b9f09,cache=none,werror=stop,rerror=stop,aio=native:
could not open disk image
/rhev/data-center/7828f2ae-955e-4e4b-a4bb-43807629dc52/d028d521-d4a9-4dd7-a0fe-3e9b60e7c4e4/images/ac025dc1-4e25-4b71-8c56-88dcb61b9f09/c1bfddb4-3562-4893-9df8-3f3239b277a9:
Operation not permitted</div>
</div>
</blockquote>
<br>
If selinux is disabled, then this failure has no relation to
selinux.<br>
<br>
<blockquote
cite="mid:a6f5372.1000a.14143fdce50.Coremail.libvirt@163.com"
type="cite">
<div
style="line-height:1.7;color:#000000;font-size:14px;font-family:arial">
<div> </div>
<div>aud! it.log</div>
<div>type=VIRT_CONTROL msg=audit(1379810795.213:41569): user
pid=1637 uid=0 auid=4294967295 ses=4294967295
subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm
op=start reason=booted vm="testname-1"
uuid=24f7e975-9aa5-4a14-b0f0-590add14c8b5 vm-pid=-1
exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=?
res=failed'</div>
</div>
</blockquote>
<br>
This is not an selinux AVC message, it is just a very general
libvirt-generated audit message saying "you tried to start
'testname-1' and it failed".<br>
<br>
You should verify that every component of the path to the image file
has at least r and x permissions for the user/group that is set in
/var/log/libvirt/qemu.conf. Also, note that if your images are on a
root-squashing NFS server (very common with RHEV), you will need to
set dynamic_ownership=0 in qemu.conf.<br>
<br>
<br>
</body>
</html>