[libvirt] bug. libvirt related to selinux.

Laine Stump laine at laine.org
Mon Sep 23 08:33:06 UTC 2013


On 09/22/2013 12:46 AM, yue wrote:
> hi, all
> when 'virsh start testname-1' failed, but i can start it through
> commandline which is copy from libvirtd.log.

When you run qemu from the shell, you are running it as root. When
libvirt runs qemu, it is running it as the user/group that is given in
/etc/libvirt/qemu.conf. Generally that user/group is *not* root, but
some other account that has drastically reduced privileges.

> selinux is disabled now. 
> ----------------
> libvirtError: internal error Process exited while reading console log
> output: char device redirected to /dev/pts/3
> qemu-kvm: -drive
> file=/rhev/data-center/7828f2ae-955e-4e4b-a4bb-43807629dc52/d028d521-d4a9-4dd7-a0fe-3e9b60e7c4e4/images/ac025dc1-4e25-4b71-8c56-88dcb61b9f09/c1bfddb4-3562-4893-9df8-3f3239b277a9,if=none,id=drive-ide0-0-0,format=qcow2,serial=ac025dc1-4e25-4b71-8c56-88dcb61b9f09,cache=none,werror=stop,rerror=stop,aio=native:
> could not open disk image
> /rhev/data-center/7828f2ae-955e-4e4b-a4bb-43807629dc52/d028d521-d4a9-4dd7-a0fe-3e9b60e7c4e4/images/ac025dc1-4e25-4b71-8c56-88dcb61b9f09/c1bfddb4-3562-4893-9df8-3f3239b277a9:
> Operation not permitted

If selinux is disabled, then this failure has no relation to selinux.

>  
> audit.log
> type=VIRT_CONTROL msg=audit(1379810795.213:41569): user pid=1637 uid=0
> auid=4294967295 ses=4294967295
> subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start
> reason=booted vm="testname-1"
> uuid=24f7e975-9aa5-4a14-b0f0-590add14c8b5 vm-pid=-1
> exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed'

This is not an selinux AVC message, it is just a very general
libvirt-generated audit message saying "you tried to start 'testname-1'
and it failed".

You should verify that every component of the path to the image file has
at least r and x permissions for the user/group that is set in
/var/log/libvirt/qemu.conf. Also, note that if your images are on a
root-squashing NFS server (very common with RHEV), you will need to set
dynamic_ownership=0 in qemu.conf.
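
The path check recommended in the reply above, as an added example that is not part of the original post: it walks every component of the image path and reports which permission bits the configured account lacks. The function names are hypothetical, and it reads only the owner/group/other mode bits, so ACLs and NFS root squashing are not modeled.

```python
import os
import pwd
import stat
import sys

BIT = {"r": 4, "w": 2, "x": 1}

def ancestors(path):
    """Yield '/', '/a', '/a/b', ... down to the absolute form of path."""
    cur = os.sep
    yield cur
    for part in os.path.abspath(path).split(os.sep):
        if part:
            cur = os.path.join(cur, part)
            yield cur

def missing_bits(st, uid, gids, need):
    """Letters of `need` that the owner/group/other mode bits deny to uid/gids."""
    if st.st_uid == uid:
        shift = 6          # owner triplet
    elif st.st_gid in gids:
        shift = 3          # group triplet
    else:
        shift = 0          # other triplet
    granted = (st.st_mode >> shift) & 0o7
    return "".join(c for c in need if not granted & BIT[c])

def check_image_path(image, uid, gids, file_need="rw"):
    """Return [(component, missing_letters)] for each component that blocks access."""
    problems = []
    for comp in ancestors(image):
        st = os.stat(comp)
        # Directories: r and x, as the reply advises. The image itself: "rw" is
        # an assumption of this example (a writable guest disk).
        need = "rx" if stat.S_ISDIR(st.st_mode) else file_need
        miss = missing_bits(st, uid, gids, need)
        if miss:
            problems.append((comp, miss))
    return problems

if __name__ == "__main__":
    # Usage: script IMAGE ACCOUNT   (ACCOUNT = the user set in qemu.conf)
    image, account = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(account)
    gids = set(os.getgrouplist(account, pw.pw_gid))
    for comp, miss in check_image_path(image, pw.pw_uid, gids):
        print(f"{comp}: {account} lacks '{miss}'")
```

Run it as root so that every component can be stat'ed. Using the account's group list from the system database is an approximation of the group qemu actually runs under.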

