[libvirt] bug. libvirt related to selinux.

yue libvirt at 163.com
Tue Sep 24 14:01:51 UTC 2013



I have changed /etc/libvirt/qemu.conf and set qemu ownership to root:root,
but it reports the same error.
I have checked every place I can think of, almost every aspect, like ownership, perm, image state......





At 2013-09-23 16:33:06, "Laine Stump" <laine at laine.org> wrote:

On 09/22/2013 12:46 AM, yue wrote:

hi, all
'virsh start testname-1' failed, but I can start it through the command line which is copied from libvirtd.log.

When you run qemu from the shell, you are running it as root. When libvirt runs qemu, it is running it as the user/group that is given in /etc/libvirt/qemu.conf. Generally that user/group is *not* root, but some other account that has drastically reduced privileges.


selinux is disabled now. 
----------------
libvirtError: internal error Process exited while reading console log output: char device redirected to /dev/pts/3
qemu-kvm: -drive file=/rhev/data-center/7828f2ae-955e-4e4b-a4bb-43807629dc52/d028d521-d4a9-4dd7-a0fe-3e9b60e7c4e4/images/ac025dc1-4e25-4b71-8c56-88dcb61b9f09/c1bfddb4-3562-4893-9df8-3f3239b277a9,if=none,id=drive-ide0-0-0,format=qcow2,serial=ac025dc1-4e25-4b71-8c56-88dcb61b9f09,cache=none,werror=stop,rerror=stop,aio=native: could not open disk image /rhev/data-center/7828f2ae-955e-4e4b-a4bb-43807629dc52/d028d521-d4a9-4dd7-a0fe-3e9b60e7c4e4/images/ac025dc1-4e25-4b71-8c56-88dcb61b9f09/c1bfddb4-3562-4893-9df8-3f3239b277a9: Operation not permitted

If selinux is disabled, then this failure has no relation to selinux.


 
audit.log
type=VIRT_CONTROL msg=audit(1379810795.213:41569): user pid=1637 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm="testname-1" uuid=24f7e975-9aa5-4a14-b0f0-590add14c8b5 vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed'

This is not an selinux AVC message, it is just a very general libvirt-generated audit message saying "you tried to start 'testname-1' and it failed".

You should verify that every component of the path to the image file has at least r and x permissions for the user/group that is set in /var/log/libvirt/qemu.conf. Also, note that if your images are on a root-squashing NFS server (very common with RHEV), you will need to set dynamic_ownership=0 in qemu.conf.
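Added example, not part of the original thread: a Python version of the per-component permission check suggested above, which walks from / down to the image and lists each component the qemu account cannot pass. The function names, the `DIR_NEED`/`FILE_NEED` constants and the command-line form are assumptions of this example, and only classic mode bits are evaluated.

```python
import os
import stat

DIR_NEED = 0o5   # r-x on every directory, as the reply advises
FILE_NEED = 0o6  # rw- on the image: assumes the disk is attached read-write

def applicable_bits(st, uid, gids):
    """Pick the owner, group or other rwx triplet that applies to uid/gids."""
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 0o7
    return st.st_mode & 0o7

def check_image_path(path, uid, gids):
    """Return [(component, 'owner:group', 'mode', missing)] for each blocker.

    Only classic mode bits are evaluated. POSIX ACLs, SELinux labels, NFS
    root squashing and root's DAC override are not modelled, so pass the
    uid/gid that qemu actually runs as.
    """
    blockers = []
    gids = set(gids)
    current = os.sep
    parts = os.path.realpath(path).strip(os.sep).split(os.sep)
    for part in [""] + parts:
        current = os.path.join(current, part)
        st = os.stat(current)
        need = DIR_NEED if stat.S_ISDIR(st.st_mode) else FILE_NEED
        bits = applicable_bits(st, uid, gids)
        missing = "".join(c for c, b in zip("rwx", (4, 2, 1))
                          if need & b and not bits & b)
        if missing:
            blockers.append((current, f"{st.st_uid}:{st.st_gid}",
                             oct(stat.S_IMODE(st.st_mode)), missing))
    return blockers

if __name__ == "__main__":
    import sys
    # usage (constructed): check_image_path.py IMAGE UID GID [GID...]
    image, uid, *gids = sys.argv[1:]
    for comp, owner, mode, missing in check_image_path(image, int(uid), map(int, gids)):
        print(f"{comp}: owner {owner} mode {mode} lacks {missing}")
```

An empty result only rules out mode bits; on a root-squashing NFS export the server can still refuse the open, which is the case the dynamic_ownership=0 advice covers.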

