Hello,
I need to do "setenforce 0" before I'm able to install Xen VMs with LVM volumes as disk backends.. Should I file a bugzilla entry about this?
See here for an example about the issue:
# rpm -qa|grep -i xen
xen-licenses-4.1.1-8.fc16.x86_64
netxen-firmware-4.0.534-4.fc15.noarch
xen-libs-4.1.1-8.fc16.x86_64
xen-4.1.1-8.fc16.x86_64
xen-hypervisor-4.1.1-8.fc16.x86_64
xen-runtime-4.1.1-8.fc16.x86_64

# rpm -qa|grep -i selinux
libselinux-python-2.1.5-5.1.fc16.x86_64
libselinux-utils-2.1.5-5.1.fc16.x86_64
selinux-policy-3.10.0-40.fc16.noarch
libselinux-2.1.5-5.1.fc16.x86_64
selinux-policy-targeted-3.10.0-40.fc16.noarch

# getenforce
Enforcing

# uname -a
Linux f16.localdomain 3.1.0-0.rc9.git0.0.fc16.x86_64 #1 SMP Wed Oct 5 15:30:54 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux

# xm list
Name                                        ID   Mem VCPUs      State   Time(s)
Domain-0                                     0  1024     4     r-----     74.0

# virt-install -d -n f16test32 -r 1024 --vcpus=2 -f /dev/vg_f16/f16test32 --vnc -p -l "http://server.tld/fedora/mount-f16-final-tc1-i386/"
Sun, 16 Oct 2011 11:42:00 DEBUG Launched with command line: /usr/bin/virt-install -d -n f16test32 -r 1024 --vcpus=2 -f /dev/vg_f16/f16test32 --vnc -p -l http://server.tld/fedora/mount-f16-final-tc1-i386/
Sun, 16 Oct 2011 11:42:00 DEBUG Requesting libvirt URI default
Sun, 16 Oct 2011 11:42:01 DEBUG Received libvirt URI xen:///
Sun, 16 Oct 2011 11:42:01 DEBUG Requesting virt method 'xen', hv type 'default'.
Sun, 16 Oct 2011 11:42:01 DEBUG Received virt method 'xen'
Sun, 16 Oct 2011 11:42:01 DEBUG Hypervisor name is 'xen'
Sun, 16 Oct 2011 11:42:01 DEBUG --graphics compat generated: vnc
Sun, 16 Oct 2011 11:42:01 DEBUG DistroInstaller location is a network source.
Sun, 16 Oct 2011 11:42:01 DEBUG Attempting to detect distro:
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI: http://server.tld/fedora/mount-f16-final-tc1-i386/.treeinfo
Sun, 16 Oct 2011 11:42:01 DEBUG Saved file to /var/tmp/virtinst-.treeinfo.Fx9zj5
Sun, 16 Oct 2011 11:42:01 DEBUG Guest.has_install_phase: True

Starting install...
Sun, 16 Oct 2011 11:42:01 DEBUG scratchdir=/var/lib/xen
Sun, 16 Oct 2011 11:42:01 DEBUG Attempting to detect distro:
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI: http://server.tld/fedora/mount-f16-final-tc1-i386/.treeinfo
Sun, 16 Oct 2011 11:42:01 DEBUG Saved file to /var/lib/xen/virtinst-.treeinfo.tFlBQU
Retrieving file .treeinfo... | 1.8 kB 00:00 ...
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI: http://server.tld/fedora/mount-f16-final-tc1-i386/images/pxeboot/vmlinuz-PAE
Sun, 16 Oct 2011 11:42:01 DEBUG Saved file to /var/lib/xen/virtinst-vmlinuz-PAE.iI_tC0
Retrieving file vmlinuz-PAE... | 7.9 MB 00:00 ...
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI: http://server.tld/fedora/mount-f16-final-tc1-i386/images/pxeboot/initrd-PAE....
Sun, 16 Oct 2011 11:42:06 DEBUG Saved file to /var/lib/xen/virtinst-initrd-PAE.img.cpypw0
==================== ] 31 MB/s | 119 MB 00:00 ETA
Retrieving file initrd-PAE.img... | 257 MB 00:04 ...
Sun, 16 Oct 2011 11:42:06 DEBUG Auto detected OS type as: linux
Sun, 16 Oct 2011 11:42:06 DEBUG Auto detected OS variant as: fedora16
Sun, 16 Oct 2011 11:42:06 DEBUG Have access to local system scratchdir so nothing to upload
Sun, 16 Oct 2011 11:42:06 DEBUG Generated install XML:
<domain type='xen'>
  <name>f16test32</name>
  <uuid>3dafa790-e0e1-8ca9-da0c-4083336c3096</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>2</vcpu>
  <os>
    <type arch='x86_64'>linux</type>
    <kernel>/var/lib/xen/virtinst-vmlinuz-PAE.iI_tC0</kernel>
    <initrd>/var/lib/xen/virtinst-initrd-PAE.img.cpypw0</initrd>
    <cmdline>method=http://server.tld/fedora/mount-f16-final-tc1-i386/</cmdline>
  </os>
  <features>
    <acpi/><apic/>
  </features>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>destroy</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <disk type='block' device='disk'>
      <source dev='/dev/vg_f16/f16test32'/>
      <target dev='xvda' bus='xen'/>
    </disk>
    <interface type='network'>
      <source network='default'/>
      <mac address='00:16:3e:12:3c:49'/>
    </interface>
    <input type='mouse' bus='xen'/>
    <graphics type='vnc' port='-1' keymap='fi'/>
    <video>
      <model type='cirrus'/>
    </video>
  </devices>
</domain>

Sun, 16 Oct 2011 11:42:06 DEBUG Generated boot XML:
<domain type='xen'>
  <name>f16test32</name>
  <uuid>3dafa790-e0e1-8ca9-da0c-4083336c3096</uuid>
  <memory>1048576</memory>
  <currentMemory>1048576</currentMemory>
  <vcpu>2</vcpu>
  <bootloader>/usr/bin/pygrub</bootloader>
  <features>
    <acpi/><apic/>
  </features>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <disk type='block' device='disk'>
      <source dev='/dev/vg_f16/f16test32'/>
      <target dev='xvda' bus='xen'/>
    </disk>
    <interface type='network'>
      <source network='default'/>
      <mac address='00:16:3e:12:3c:49'/>
    </interface>
    <input type='mouse' bus='xen'/>
    <graphics type='vnc' port='-1' keymap='fi'/>
    <video>
      <model type='cirrus'/>
    </video>
  </devices>
</domain>

Sun, 16 Oct 2011 11:42:08 DEBUG Removing /var/lib/xen/virtinst-vmlinuz-PAE.iI_tC0
Sun, 16 Oct 2011 11:42:08 DEBUG Removing /var/lib/xen/virtinst-initrd-PAE.img.cpypw0
Sun, 16 Oct 2011 11:42:08 ERROR Domain not found: xenUnifiedDomainLookupByName
Sun, 16 Oct 2011 11:42:08 DEBUG Traceback (most recent call last):
  File "/usr/bin/virt-install", line 620, in start_install
    noboot=options.noreboot)
  File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1223, in start_install
    noboot)
  File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1291, in _create_guest
    dom = self.conn.createLinux(start_xml or final_xml, 0)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2077, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: Domain not found: xenUnifiedDomainLookupByName
Sun, 16 Oct 2011 11:42:08 DEBUG Domain installation does not appear to have been successful. If it was, you can restart your domain by running:
  virsh --connect xen:/// start f16test32
otherwise, please restart your installation.
Domain installation does not appear to have been successful. If it was, you can restart your domain by running:
  virsh --connect xen:/// start f16test32
otherwise, please restart your installation.

-- Pasi
On Sun, Oct 16, 2011 at 02:30:22PM +0300, Pasi Kärkkäinen wrote:
> Hello,
> I need to do "setenforce 0" before I'm able to install Xen VMs with LVM volumes as disk backends.. Should I file a bugzilla entry about this?

Please do.
I've found out that if I use 'virt-manager' to 'create' the disk the problem disappears. So I wonder if the problem is that you (and me) use a non-approved way of creating LVMs.
Perhaps some SELinux magic is required?
On Sun, 16 Oct 2011 14:30:22 +0300 Pasi Kärkkäinen pasik@iki.fi wrote:
> Hello,
> I need to do "setenforce 0" before I'm able to install Xen VMs with LVM volumes as disk backends.. Should I file a bugzilla entry about this?

I wonder if you're hitting the same thing that I filed last week:
- 745996 - AVC denials preventing start of Xen domain [1]
I'm generating my DomUs outside of Xen, so I don't see it at install time but I'm wondering if they might be related.
Are the AVC denials the same as the ones I listed there?
Tim
On Mon, Oct 17, 2011 at 11:40:01AM -0600, Tim Flink wrote:
> On Sun, 16 Oct 2011 14:30:22 +0300 Pasi Kärkkäinen pasik@iki.fi wrote:
>> Hello,
>> I need to do "setenforce 0" before I'm able to install Xen VMs with LVM volumes as disk backends.. Should I file a bugzilla entry about this?
>
> I wonder if you're hitting the same thing that I filed last week:
> - 745996 - AVC denials preventing start of Xen domain [1]
> I'm generating my DomUs outside of Xen, so I don't see it at install time but I'm wondering if they might be related.
> Are the AVC denials the same as the ones I listed there?
> Tim

Hey,
While running virt-install I get this in audit.log:

type=AVC msg=audit(1320149119.737:90): avc: denied { read write } for pid=2591 comm="qemu-dm" name="ptmx" dev=devtmpfs ino=1121 scontext=system_u:system_r:qemu_dm_t:s0 tcontext=system_u:object_r:ptmx_t:s0 tclass=chr_file
type=SYSCALL msg=audit(1320149119.737:90): arch=c000003e syscall=2 success=no exit=-13 a0=7f695a69f28d a1=2 a2=0 a3=7fff366862e0 items=0 ppid=1148 pid=2591 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="qemu-dm" exe="/usr/lib/xen/bin/qemu-dm" subj=system_u:system_r:qemu_dm_t:s0 key=(null)
type=ANOM_PROMISCUOUS msg=audit(1320149119.932:91): dev=vif3.0 prom=256 old_prom=0 auid=4294967295 uid=0 gid=0 ses=4294967295
type=SYSCALL msg=audit(1320149119.932:91): arch=c000003e syscall=16 success=yes exit=0 a0=3 a1=89a2 a2=7fffff760a30 a3=7fffff760790 items=0 ppid=2662 pid=2698 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="brctl" exe="/usr/sbin/brctl" subj=system_u:system_r:brctl_t:s0-s0:c0.c1023 key=(null)

And this error from virt-install:

Tue, 01 Nov 2011 14:05:20 DEBUG Removing /var/lib/xen/virtinst-vmlinuz.Gt3BQs
Tue, 01 Nov 2011 14:05:20 DEBUG Removing /var/lib/xen/virtinst-initrd.img.8Jx2yN
Tue, 01 Nov 2011 14:05:20 ERROR Domain not found: xenUnifiedDomainLookupByName
Tue, 01 Nov 2011 14:05:20 DEBUG Traceback (most recent call last):
  File "/usr/bin/virt-install", line 620, in start_install
    noboot=options.noreboot)
  File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1223, in start_install
    noboot)
  File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1291, in _create_guest
    dom = self.conn.createLinux(start_xml or final_xml, 0)
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2077, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: Domain not found: xenUnifiedDomainLookupByName
Tue, 01 Nov 2011 14:05:20 DEBUG Domain installation does not appear to have been successful. If it was, you can restart your domain by running:
  virsh --connect xen:/// start f16foo
otherwise, please restart your installation.
Domain installation does not appear to have been successful. If it was, you can restart your domain by running:
  virsh --connect xen:/// start f16foo
otherwise, please restart your installation.

So it looks different to your errors.. I'll file a new bug.
-- Pasi
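
Added example, not part of the thread: a small Python parser that reduces the audit records quoted in the message above to the denied (source type, target type, class, permissions) tuple and the matching allow rule, the same reduction audit2allow performs and the detail a policy bug report needs. The function names are this example's own, and it assumes at most one AVC record per audit event.

```python
import errno
import re

# Constructed input: the AVC and SYSCALL records from the message above (SYSCALL
# trimmed), run together on one line the way the list archive shows them.
SAMPLE = (
    'type=AVC msg=audit(1320149119.737:90): avc: denied { read write } for pid=2591 '
    'comm="qemu-dm" name="ptmx" dev=devtmpfs ino=1121 '
    'scontext=system_u:system_r:qemu_dm_t:s0 tcontext=system_u:object_r:ptmx_t:s0 '
    'tclass=chr_file type=SYSCALL msg=audit(1320149119.737:90): arch=c000003e '
    'syscall=2 success=no exit=-13 comm="qemu-dm" exe="/usr/lib/xen/bin/qemu-dm"'
)

RECORD_START = re.compile(r'(?=type=[A-Z_]+ msg=audit\()')
EVENT_ID = re.compile(r'msg=audit\([\d.]+:(\d+)\)')
PERMS = re.compile(r'avc:\s+denied\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def records(text):
    """Split audit text into records, even when several share one line."""
    return [r.strip() for r in RECORD_START.split(text) if r.strip()]

def fields(record):
    return {k: v.strip('"') for k, v in FIELD.findall(record)}

def denials(text):
    """One dict per AVC denial, joined to its SYSCALL record by audit event id."""
    by_event = {}
    for rec in records(text):
        m = EVENT_ID.search(rec)
        if m:
            by_event.setdefault(m.group(1), {})[fields(rec)['type']] = rec
    out = []
    for event, recs in by_event.items():
        if 'AVC' not in recs:
            continue
        avc, sc = fields(recs['AVC']), fields(recs.get('SYSCALL', ''))
        code = int(sc['exit']) if 'exit' in sc else None
        out.append({
            'event': event, 'comm': avc['comm'], 'tclass': avc['tclass'],
            'source': avc['scontext'].split(':')[2],   # type part of user:role:type:level
            'target': avc['tcontext'].split(':')[2],
            'perms': PERMS.search(recs['AVC']).group(1).split(),
            'exit': code,
            'errno': errno.errorcode.get(-code) if code and code < 0 else None,
        })
    return out

def te_rule(d):
    # The narrowest type-enforcement rule that would permit this one access.
    return 'allow {source} {target}:{tclass} {{ {p} }};'.format(p=' '.join(d['perms']), **d)
```

For the records above this yields `allow qemu_dm_t ptmx_t:chr_file { read write };` with the syscall failing with EACCES, which scopes the denial to qemu-dm opening the ptmx device rather than to the LVM volume.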
On Tue, Nov 01, 2011 at 03:50:32PM +0200, Pasi Kärkkäinen wrote:
> On Mon, Oct 17, 2011 at 11:40:01AM -0600, Tim Flink wrote:
>> On Sun, 16 Oct 2011 14:30:22 +0300 Pasi Kärkkäinen pasik@iki.fi wrote:
>>> Hello,
>>> I need to do "setenforce 0" before I'm able to install Xen VMs with LVM volumes as disk backends.. Should I file a bugzilla entry about this?
>>
>> I wonder if you're hitting the same thing that I filed last week:
>> - 745996 - AVC denials preventing start of Xen domain [1]
>> I'm generating my DomUs outside of Xen, so I don't see it at install time but I'm wondering if they might be related.
>> Are the AVC denials the same as the ones I listed there?
>> Tim
>
> So it looks different to your errors.. I'll file a new bug.

Done: "SElinux prevents installation of Xen PV domU with virt-install or virt-manager": https://bugzilla.redhat.com/show_bug.cgi?id=750535
Is the component "xen" the correct one for that bug?
-- Pasi