[Fedora-xen] Going Nuts over XEN in F7

yoron yor_on at hotmail.com
Tue Sep 4 19:33:33 UTC 2007


I use an updated (last was today :) Fedora 7 on a quad-core server (Primergy
rx300 s3).
Trying Xen and its 'Virtual Machine Manager' I meet with these problems..

-----------------------

Unable to complete install '<class 'libvirt.libvirtError'>
virDomainCreateLinux() failed POST-operation misslyckades: (xend.err 'Device
768 (vbd) could not be connected. /images/images/test_1_2003 does not
exist.')
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/create.py", line 681, in
do_install
dom = guest.start_install(False, meter = meter)
File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 710, in
start_install
return self._do_install(consolecb, meter)
File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 727, in
_do_install
self.domain = self.conn.createLinux(install_xml, 0)
File "/usr/lib/python2.5/site-packages/libvirt.py", line 563, in createLinux
if ret is None:raise libvirtError('virDomainCreateLinux() failed',
conn=self)
libvirtError: virDomainCreateLinux() failed POST-operation misslyckades:
(xend.err 'Device 768 (vbd) could not be connected.
/images/images/test_1_2003 does not exist.')
'
-----------------------------------
And try_2
-----------------------------------

Unable to complete install '<class 'libvirt.libvirtError'>
virDomainCreateLinux() failed POST-operation misslyckades: (xend.err 'Device
768 (vbd) could not be connected. /images/test1 does not exist.')
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/create.py", line 681, in
do_install
dom = guest.start_install(False, meter = meter)
File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 710, in
start_install
return self._do_install(consolecb, meter)
File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 727, in
_do_install
self.domain = self.conn.createLinux(install_xml, 0)
File "/usr/lib/python2.5/site-packages/libvirt.py", line 563, in createLinux
if ret is None:raise libvirtError('virDomainCreateLinux() failed',
conn=self)
libvirtError: virDomainCreateLinux() failed POST-operation misslyckades:
(xend.err 'Device 768 (vbd) could not be connected. /images/test1 does not
exist.')
'
-----------------------------
So I disable SELinux from <system administration> :)
Guess what :) happens, ah ha..
--------------------------------
Summary
SELinux is preventing access to files with the label, file_t.

Detailed Description
SELinux permission checks on files labeled file_t are being denied. file_t
is the context the SELinux kernel gives to files that do not have a
label.This indicates a serious labeling problem. No files on an SELinux box
should ever be labeled file_t. If you have just added a new disk drive to
the system you can relabel it using the restorecon command. Otherwise you
should relabel the entire files system.

Allowing Access
You can execute the following command as root to relabel your computer
system: "touch /.autorelabel; reboot"

Additional Information

Source Context system_u:system_r:udev_t:SystemLow-SystemHigh
Target Context root:object_r:file_t
Target Objects /images/2003_sist [ file ]
Affected RPM Packages coreutils-6.9-3.fc7 [application]
Policy RPM selinux-policy-2.6.4-38.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name plugins.file
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.20-2931.fc7xen #1
SMP Mon Aug 13 10:12:37 EDT 2007 i686 i686
Alert Count 1
First Seen tis 4 sep 2007 17.29.44
Last Seen tis 4 sep 2007 17.29.44
Local ID 804af117-e5d9-4304-a8bd-83f0a26bb4a1
Line Numbers

Raw Audit Messages

avc: denied { getattr } for comm="readlink" dev=sdb1 egid=0 euid=0
exe="/usr/bin/readlink" exit=0 fsgid=0 fsuid=0 gid=0 items=0
name="2003_sist"
path="/images/2003_sist" pid=16317
scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=root:object_r:file_t:s0 tty=(none) uid=0

------------------------
And
----------------------

Summary
SELinux is preventing /sbin/losetup (fsadm_t) "read write" to 2003_sist
(file_t).

Detailed Description
SELinux denied /sbin/losetup access to 2003_sist. If this is a swapfile it
has to have a file context label of swapfile_t. If you did not intend to use
2003_sist as a swapfile it probably indicates a bug, however it could also
signal a intrusion attempt.

Allowing Access
You can alter the file context by executing chcon -t swapfile_t 2003_sist

The following command will allow this access:
chcon x-t swapfile_t 2003_sist

Additional Information

Source Context system_u:system_r:fsadm_t:SystemLow-SystemHigh
Target Context root:object_r:file_t
Target Objects 2003_sist [ file ]
Affected RPM Packages util-linux-2.13-0.54.fc7 [application]
Policy RPM selinux-policy-2.6.4-38.fc7
Selinux Enabled True
Policy Type targeted
MLS Enabled True
Enforcing Mode Permissive
Plugin Name plugins.swapfile
Host Name localhost.localdomain
Platform Linux localhost.localdomain 2.6.20-2931.fc7xen #1
SMP Mon Aug 13 10:12:37 EDT 2007 i686 i686
Alert Count 1
First Seen tis 4 sep 2007 17.29.45
Last Seen tis 4 sep 2007 17.29.45
Local ID db4d705b-dbc9-47b5-b99c-03d97a7c2a85
Line Numbers

Raw Audit Messages

avc: denied { read, write } for comm="losetup" dev=sdb1 egid=0 euid=0
exe="/sbin/losetup" exit=3 fsgid=0 fsuid=0 gid=0 items=0 name="2003_sist"
pid=16450 scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0
subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file
tcontext=root:object_r:file_t:s0 tty=(none) uid=0

--------------------------------------------------

Now, will I have to do this every time?
(executing chcon -t swapfile_'whatever_file')
Or should I use this?
----------------------------------

" The only way that this file would get created is if the system was booted
with selinux=0
(or SELINUX=disabled in /etc/selinux/config).
Or if you added a new disk to a machine that was not labeled via SELinux. "

As it is a server we are talking about I would prefer to leave SELinux on.
But as I'm gonna 'play' with a lot of different OSes and also using a net ???

-----------------------------------------------
So I tried to close down SELinux and my firewall too (unconnected though :)
At my first try (two CPUs, 1 Gig memory, 10 Gig HD (as a file)) I got to the
beginning of a GUI (W 2003),
then when 2003 tried to read in the graphical interface it hung.
And when I created a totally new image file it wouldn't start :)

Here is the output from Virtual Machine Manager (XEN)

--------------------------------
' Kan inte slutföra (can't finish ) installationen: 'virDomainCreateLinux()
failed POST-operation (failed) misslyckades: (xend.err 'Device 0 (vif) could
not be connected. Hotplug scripts not working.')' '

and

Unable to complete install '<class 'libvirt.libvirtError'>
virDomainCreateLinux() failed POST-operation misslyckades: (xend.err 'Device
0 (vif) could not be connected. Hotplug scripts not working.')
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/create.py", line 681, in
do_install
dom = guest.start_install(False, meter = meter)
File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 710, in
start_install
return self._do_install(consolecb, meter)
File "/usr/lib/python2.5/site-packages/virtinst/Guest.py", line 727, in
_do_install
self.domain = self.conn.createLinux(install_xml, 0)
File "/usr/lib/python2.5/site-packages/libvirt.py", line 563, in createLinux
if ret is None:raise libvirtError('virDomainCreateLinux() failed',
conn=self)
libvirtError: virDomainCreateLinux() failed POST-operation misslyckades:
(xend.err 'Device 0 (vif) could not be connected. Hotplug scripts not
working.')

--------------------------------------

Well :) Can't say that I'm overjoyed (Hotplug scripts not working???), and
yes,
I did change the 'permissions' on files globally via a reboot before trying
anew??

Anyone?

btw: Gnome locked up after the last attempt and my screen too.
Had to 'hard boot' it at the end? Thought that with Xen embedded around the
'OS' such things would be scarce?

Also :) What am I missing here?

Something more I should think of before trying?
(like why I got this crazy idea :)

Xen seems to have very specific ideas of how permissions should be depending
on where they are.
I thought that the beauty with a preinstalled Xen was that this was already
taken care of?
Is it me 'updating' from Fedora (yum default) that has screwed it up? So I
shouldn't update at all??

Cheers.
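
Both raw audit messages in the post name a target labeled file_t, which the first alert describes as the context given to files that have no label. As an added example (not part of the original post), this Python code parses AVC denial lines and groups the unlabeled targets so the labeling problem can be told apart from per-domain policy denials; the function names are hypothetical, and the sample lines are the post's two records joined onto one line each.

```python
import re
from collections import defaultdict

# The two AVC records from the post, each re-joined onto a single line.
SAMPLE_AVC = [
    'avc: denied { getattr } for comm="readlink" dev=sdb1 egid=0 euid=0 '
    'exe="/usr/bin/readlink" exit=0 fsgid=0 fsuid=0 gid=0 items=0 name="2003_sist" '
    'path="/images/2003_sist" pid=16317 scontext=system_u:system_r:udev_t:s0-s0:c0.c1023 '
    'sgid=0 subj=system_u:system_r:udev_t:s0-s0:c0.c1023 suid=0 tclass=file '
    'tcontext=root:object_r:file_t:s0 tty=(none) uid=0',
    'avc: denied { read, write } for comm="losetup" dev=sdb1 egid=0 euid=0 '
    'exe="/sbin/losetup" exit=3 fsgid=0 fsuid=0 gid=0 items=0 name="2003_sist" '
    'pid=16450 scontext=system_u:system_r:fsadm_t:s0-s0:c0.c1023 sgid=0 '
    'subj=system_u:system_r:fsadm_t:s0-s0:c0.c1023 suid=0 tclass=file '
    'tcontext=root:object_r:file_t:s0 tty=(none) uid=0',
]

AVC_RE = re.compile(r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# file_t is the type named in the alert; unlabeled_t is the related SELinux
# type for objects without a valid context.
UNLABELED_TYPES = {'file_t', 'unlabeled_t'}

def _type_of(context):
    """Return the type field (third component) of user:role:type[:level]."""
    parts = (context or '').split(':')
    return parts[2] if len(parts) > 2 else None

def parse_avc(line):
    """Parse one AVC denial line into a dict, or return None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    return {
        'perms': [p for p in re.split(r'[,\s]+', m.group('perms')) if p],
        'comm': fields.get('comm'),
        # Not every record carries a full path; fall back to the bare name.
        'target': fields.get('path') or fields.get('name'),
        'source_type': _type_of(fields.get('scontext')),
        'target_type': _type_of(fields.get('tcontext')),
    }

def unlabeled_targets(lines):
    """Map each unlabeled target to the (source domain, permissions) that hit it."""
    hits = defaultdict(list)
    for rec in filter(None, map(parse_avc, lines)):
        if rec['target_type'] in UNLABELED_TYPES:
            hits[rec['target']].append((rec['source_type'], rec['perms']))
    return dict(hits)

if __name__ == '__main__':
    for target, denials in unlabeled_targets(SAMPLE_AVC).items():
        print(target, denials)
```

Every target this reports falls under the first alert's advice (relabel with restorecon, or touch /.autorelabel and reboot), whichever domain triggered the denial.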


