[virt-tools-list] Fedora 18, virt-manager & libguestfs SELinux relabelling problem

[Richard W.M. Jones]

I just want to bring everyone's attention this important bug in
Fedora 18.  It looks like people are now starting to upgrade to F18
and are hitting this bug.

  https://bugzilla.redhat.com/show_bug.cgi?id=912499

In brief, when virt-manager runs, it starts some libguestfs instances
in the background to inspect guests.  Starting with Fedora 18 these
use libvirt and because of a bad interaction between libguestfs &
libvirt this causes the guest disks to get [SELinux] relabelled which
suddenly prevents the guests from accessing their own disks.

This will only affect you if SELinux is set to Enforcing.

You may also see the same problem if you use read-only tools on
running guests, such as virt-df, virt-inspector, virt-cat, etc.,
as root.

There are two workarounds possible in the short term:

(1) To continue using libguestfs to inspect disks, ensure the
    following environment variable is set everywhere:

    export LIBGUESTFS_ATTACH_METHOD=appliance

    (eg. by putting that line into /etc/profile.d/local.sh and logging
    out).

    Note that this disables sVirt protection in libguestfs, even if
    SELinux is enabled.

(2) OR do:

    yum uninstall python-libguestfs

    This will disable the inspection features of virt-manager.

I intend to fix the bug by modifying how it uses libvirt, and to push
an updated libguestfs package to Fedora 18, but that will take a few weeks.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine.  Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/