Re: Still a kvm problem after 5.6 upgrade

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/21/2011 09:47 PM, David McGuffey wrote:
> 
> On Thu, 2011-04-21 at 21:09 -0400, David McGuffey wrote:
>> On Thu, 2011-04-21 at 18:01 +0200, Kenni Lund wrote:
>>> 2011/4/21 Johnny Hughes <johnny@xxxxxxxxxx>:
>>>> On 04/21/2011 06:11 AM, David McGuffey wrote:
>>>>> redlibvirtError: internal error Process exited while reading console log
>>>>> output: qemu: could not open disk image /dev/hda
>>>>
>>>> You should not need to do anything in virsh to dump a file ... there
>>>> should be an xml file in /etc/libvirt/qemu/ for every VM already.
>>>
>>> The XML-files in /etc/libvirt/qemu represent libvirt defined VMs, you
>>> should never edit these files directly while the libvirtd service is
>>> running. You should either use 'virsh edit [vm_name]' or alternatively
>>> virsh dump followed by virsh define. If you edit the file directly
>>> while some manager is running (like virt-manager in CentOS), your
>>> changes will most likely conflict with, or get overwritten by,
>>> virt-manager. Nothing critical should happen, but I don't see any
>>> reason for encouraging doing it The Wrong Way(TM).
>>>
>>> Best regards
>>> Kenni
>>
>> Problem may be an SELinux problem.  Here is the alert. Notice the
>> reference to '/dev/hda' (which is the virtual machine boot disk), and
>> the SELinux context 'virt_content_t'
>>
>> I'm going to create /.autorelable and reboot to ensure the upgrade
>> properly relabled the filesystems.
>>
>>
>> Summary:
>>
>> SELinux is preventing pam_console_app (pam_console_t) "getattr"
>> to /dev/hda
>> (virt_content_t).
>>
>> Detailed Description:
>>
>> SELinux denied access requested by pam_console_app. It is not expected
>> that this
>> access is required by pam_console_app and this access may signal an
>> intrusion
>> attempt. It is also possible that the specific version or configuration
>> of the
>> application is causing it to require additional access.
>>
>> Allowing Access:
>>
>> Sometimes labeling problems can cause SELinux denials. You could try to
>> restore
>> the default system file context for /dev/hda,
>>
>> restorecon -v '/dev/hda'
>>
> 
> Yep...each time I try to start the VM, sealert increments this error by
> one.
> 
> I created /.autorelable and rebooted.  SELinux relabeled everything, but
> the sealert still fires when I try to start the VM.
> 
> I did a qemu-img <path_to_vm>/vm.img and the format is declared 'raw'
> Therefore I should not be editing the vm.xml file and changing 'raw' to
> 'qcow2'
> 
> Problem is definately with the SELlnux labels in the 5.6 upgrade.
> 
> Dave M
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS@xxxxxxxxxx
> http://lists.centos.org/mailman/listinfo/centos
This is an SELinux issue.  It really has no effect on the virtual
machine.  The problem is the label is not something pam_console policy
expected to have on a blk device.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2xVdgACgkQrlYvE4MpobOAGwCfW9TiLJYsytvvoPl3Kcxfz7w6
iA8An2+Qt0QrKTzp3CyCRVu+sJIKe7wn
=JblK
-----END PGP SIGNATURE-----
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux