On 03/21/2014 12:13 PM, Juerg Haefliger wrote: > > > > On Fri, Mar 21, 2014 at 3:40 PM, Cole Robinson <crobinso@xxxxxxxxxx > <mailto:crobinso@xxxxxxxxxx>> wrote: >> >> On 03/21/2014 10:36 AM, Juerg Haefliger wrote: >> > Hi, >> > >> > I started a VM using the official F20 cloud image, installed libvirt and its >> > dependencies and tried to create a guest but SELinux won't let me: >> > >> > [root@fedora-20 ~]# virsh create mini.xml >> > error: Failed to create domain from mini.xml >> > error: Input/output error >> > >> > [root@fedora-20 ~]# journalctl | tail >> > Mar 21 14:23:06 fedora-20 systemd[1]: SELinux policy denies access. >> > Mar 21 14:23:06 fedora-20 systemd-machined[7210]: Failed to start machine >> > scope: Access denied >> > Mar 21 14:23:06 fedora-20 libvirtd[6856]: Input/output error >> > >> > [root@fedora-20 ~]# cat /var/log/libvirt/qemu/mini.log >> > 2014-03-21 14:23:06.740+0000: starting up >> > LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin >> > QEMU_AUDIO_DRV=none /usr/bin/qemu-system-x86_64 -name mini -S -machine >> > pc-i440fx-1.6,accel=tcg,usb=off -m 1024 -realtime mlock=off -smp >> > 1,sockets=1,cores=1,threads=1 -uuid 11111111-2890-2015-1f87-cbfa725b1dd3 >> > -nographic -no-user-config -nodefaults -chardev >> > socket,id=charmonitor,path=/var/lib/libvirt/qemu/mini.monitor,server,nowait >> > -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown >> > -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device >> > virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x2 >> > 2014-03-21 14:23:06.744+0000: shutting down >> > >> >> > msg='virt=qemu vm="mini" uuid=11111111-2890-2015-1f87-cbfa725b1dd3 >> > vm-ctx=107:107 img-ctx=107:107 model=dac exe="/usr/sbin/libvirtd" hostname=? >> > addr=? terminal=? res=success' >> > type=USER_AVC msg=audit(1395412399.788:283): pid=1 uid=0 auid=4294967295 >> > ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc: denied { start } >> > for auid=-1 uid=-1 gid=-1 scontext=system_u:system_r:init_t:s0 >> > tcontext=system_u:system_r:init_t:s0 tclass=service >> >> That's strange, not sure what caused it. Try an selinux relabel. Make sure >> selinux isn't disabled at startup (permissive is fine), and do: >> >> sudo touch /.autorelabel >> reboot > > Problem still persists. Is there a way to check that the relabling actually > happened? /.autorelabel should have been removed, and boot should have been quite slow, with progress output printed to the tty (hit escape to see the boot output instead of the graphical plymouth boot). - Cole _______________________________________________ cloud mailing list cloud@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/cloud Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
