Daniel P. Berrange wrote:
On Tue, Dec 15, 2009 at 12:02:50AM -0500, Gerry Reno wrote:
# virsh start Ubuntu-domU-x86-1
Connecting to uri: qemu:///system
error: Failed to start domain Ubuntu-domU-x86-1
error: internal error unable to start guest: libvir: error : cannot
execute binary /usr/bin/xenner: Permission denied
# ls -l /usr/bin/xenner
-rwxr-xr-x 1 root root 118936 2009-12-14 17:05 /usr/bin/xenner
Sure looks executable. And there's no SELinux on the box.
libvirt is 0.7.0
What the..?
Seriously bizarre ! What distro ? You might want to strace the
libvirtd daemon
strace -f -o trace.log $PID-OF-LIBVIRTD
and then look in trace.log for EPERM / EACCESS on any syscall.
Daniel
The host is Ubuntu 9.10. And apparmor has been disabled but what's
strange is that it looks like the kernel is loading a profile and then
denying access and then removing the profile.
# virsh start Ubuntu-domU-x86-1
Connecting to uri: qemu:///system
error: Failed to start domain Ubuntu-domU-x86-1
error: internal error unable to start guest: libvir: error : cannot
execute binary /usr/bin/xenner: Permission denied
# ls -l /usr/bin/xenner
-rwxr-xr-x 1 root root 118936 2009-12-14 17:05 /usr/bin/xenner
+ apparmor_status
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode :
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
# /var/log/kern.log:
Dec 15 11:28:35 grp-01-23-02 kernel: [213217.260223] type=1503
audit(1260894515.683:73): operation="exec" pid=16770 parent=16769
profile="libvirt-74367128-9bd6-3264-3833-f661c47b464e"
requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/usr/bin/xenner"
Dec 15 11:28:35 grp-01-23-02 kernel: [213217.305593] br0: port 2(vnet0)
entering disabled state
Dec 15 11:28:35 grp-01-23-02 kernel: [213217.344700] device vnet0 left
promiscuous mode
Dec 15 11:28:35 grp-01-23-02 kernel: [213217.344703] br0: port 2(vnet0)
entering disabled state
Dec 15 11:28:35 grp-01-23-02 kernel: [213217.560461] type=1505
audit(1260894515.976:74): operation="profile_remove" pid=16772
name=libvirt-74367128-9bd6-3264-3833-f661c47b464e namespace=default
Dec 15 11:30:20 grp-01-23-02 kernel: [213322.133717] type=1505
audit(1260894620.556:75): operation="profile_load" pid=16995
name=libvirt-74367128-9bd6-3264-3833-f661c47b464e
Dec 15 11:30:20 grp-01-23-02 kernel: [213322.137277] device vnet0
entered promiscuous mode
Dec 15 11:30:20 grp-01-23-02 kernel: [213322.138430] br0: port 2(vnet0)
entering learning state
Dec 15 11:30:20 grp-01-23-02 kernel: [213322.139715] type=1503
audit(1260894620.556:76): operation="exec" pid=16999 parent=16998
profile="libvirt-74367128-9bd6-3264-3833-f661c47b464e"
requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/usr/bin/xenner"
Dec 15 11:30:20 grp-01-23-02 kernel: [213322.181318] br0: port 2(vnet0)
entering disabled state
Dec 15 11:30:20 grp-01-23-02 kernel: [213322.220628] device vnet0 left
promiscuous mode
Dec 15 11:30:20 grp-01-23-02 kernel: [213322.220631] br0: port 2(vnet0)
entering disabled state
Dec 15 11:30:20 grp-01-23-02 kernel: [213322.359241] type=1505
audit(1260894620.773:77): operation="profile_remove" pid=17001
name=libvirt-74367128-9bd6-3264-3833-f661c47b464e namespace=default
-Gerry
--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list