6:30 a.m.
Hello,
I need to do "setenforce 0" before I'm able to install Xen VMs with LVM
volumes as disk backends..
Should I file a bugzilla entry about this?
See here for an example about the issue:
# rpm -qa|grep -i xen
xen-licenses-4.1.1-8.fc16.x86_64
netxen-firmware-4.0.534-4.fc15.noarch
xen-libs-4.1.1-8.fc16.x86_64
xen-4.1.1-8.fc16.x86_64
xen-hypervisor-4.1.1-8.fc16.x86_64
xen-runtime-4.1.1-8.fc16.x86_64
# rpm -qa|grep -i selinux
libselinux-python-2.1.5-5.1.fc16.x86_64
libselinux-utils-2.1.5-5.1.fc16.x86_64
selinux-policy-3.10.0-40.fc16.noarch
libselinux-2.1.5-5.1.fc16.x86_64
selinux-policy-targeted-3.10.0-40.fc16.noarch
# getenforce
Enforcing
# uname -a
Linux f16.localdomain 3.1.0-0.rc9.git0.0.fc16.x86_64 #1 SMP Wed Oct 5 15:30:54 UTC 2011
x86_64 x86_64 x86_64 GNU/Linux
# xm list
Name ID Mem VCPUs State Time(s)
Domain-0 0 1024 4 r----- 74.0
# virt-install -d -n f16test32 -r 1024 --vcpus=2 -f /dev/vg_f16/f16test32 --vnc -p -l
"http://server.tld/fedora/mount-f16-final-tc1-i386/"
Sun, 16 Oct 2011 11:42:00 DEBUG Launched with command line:
/usr/bin/virt-install -d -n f16test32 -r 1024 --vcpus=2 -f /dev/vg_f16/f16test32 --vnc -p
-l http://server.tld/fedora/mount-f16-final-tc1-i386/
Sun, 16 Oct 2011 11:42:00 DEBUG Requesting libvirt URI default
Sun, 16 Oct 2011 11:42:01 DEBUG Received libvirt URI xen:///
Sun, 16 Oct 2011 11:42:01 DEBUG Requesting virt method 'xen', hv type
'default'.
Sun, 16 Oct 2011 11:42:01 DEBUG Received virt method 'xen'
Sun, 16 Oct 2011 11:42:01 DEBUG Hypervisor name is 'xen'
Sun, 16 Oct 2011 11:42:01 DEBUG --graphics compat generated: vnc
Sun, 16 Oct 2011 11:42:01 DEBUG DistroInstaller location is a network source.
Sun, 16 Oct 2011 11:42:01 DEBUG Attempting to detect distro:
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI:
http://server.tld/fedora/mount-f16-final-tc1-i386/.treeinfo
Sun, 16 Oct 2011 11:42:01 DEBUG Saved file to /var/tmp/virtinst-.treeinfo.Fx9zj5
Sun, 16 Oct 2011 11:42:01 DEBUG Guest.has_install_phase: True
Starting install...
Sun, 16 Oct 2011 11:42:01 DEBUG scratchdir=/var/lib/xen
Sun, 16 Oct 2011 11:42:01 DEBUG Attempting to detect distro:
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI:
http://server.tld/fedora/mount-f16-final-tc1-i386/.treeinfo
Sun, 16 Oct 2011 11:42:01 DEBUG Saved file to /var/lib/xen/virtinst-.treeinfo.tFlBQU
Retrieving file .treeinfo...
| 1.8 kB 00:00 ...
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI:
http://server.tld/fedora/mount-f16-final-tc1-i386/images/pxeboot/vmlinuz-PAE
Sun, 16 Oct 2011 11:42:01 DEBUG Saved file to /var/lib/xen/virtinst-vmlinuz-PAE.iI_tC0
Retrieving file vmlinuz-PAE...
| 7.9 MB 00:00 ...
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI:
http://server.tld/fedora/mount-f16-final-tc1-i386/images/pxeboot/initrd-P...
Sun, 16 Oct 2011 11:42:06 DEBUG Saved file to
/var/lib/xen/virtinst-initrd-PAE.img.cpypw0==================== ] 31 MB/s | 119 MB
00:00 ETA
Retrieving file initrd-PAE.img...
| 257 MB 00:04 ...
Sun, 16 Oct 2011 11:42:06 DEBUG Auto detected OS type as: linux
Sun, 16 Oct 2011 11:42:06 DEBUG Auto detected OS variant as: fedora16
Sun, 16 Oct 2011 11:42:06 DEBUG Have access to local system scratchdir so nothing to
upload
Sun, 16 Oct 2011 11:42:06 DEBUG Generated install XML:
<domain type='xen'>
<name>f16test32</name>
<uuid>3dafa790-e0e1-8ca9-da0c-4083336c3096</uuid>
<memory>1048576</memory>
<currentMemory>1048576</currentMemory>
<vcpu>2</vcpu>
<os>
<type arch='x86_64'>linux</type>
<kernel>/var/lib/xen/virtinst-vmlinuz-PAE.iI_tC0</kernel>
<initrd>/var/lib/xen/virtinst-initrd-PAE.img.cpypw0</initrd>
<cmdline>method=http://server.tld/fedora/mount-f16-final-tc1-i386/</cmdline>
</os>
<features>
<acpi/><apic/>
</features>
<on_poweroff>destroy</on_poweroff>
<on_reboot>destroy</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<disk type='block' device='disk'>
<source dev='/dev/vg_f16/f16test32'/>
<target dev='xvda' bus='xen'/>
</disk>
<interface type='network'>
<source network='default'/>
<mac address='00:16:3e:12:3c:49'/>
</interface>
<input type='mouse' bus='xen'/>
<graphics type='vnc' port='-1' keymap='fi'/>
<video>
<model type='cirrus'/>
</video>
</devices>
</domain>
Sun, 16 Oct 2011 11:42:06 DEBUG Generated boot XML:
<domain type='xen'>
<name>f16test32</name>
<uuid>3dafa790-e0e1-8ca9-da0c-4083336c3096</uuid>
<memory>1048576</memory>
<currentMemory>1048576</currentMemory>
<vcpu>2</vcpu>
<bootloader>/usr/bin/pygrub</bootloader>
<features>
<acpi/><apic/>
</features>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<disk type='block' device='disk'>
<source dev='/dev/vg_f16/f16test32'/>
<target dev='xvda' bus='xen'/>
</disk>
<interface type='network'>
<source network='default'/>
<mac address='00:16:3e:12:3c:49'/>
</interface>
<input type='mouse' bus='xen'/>
<graphics type='vnc' port='-1' keymap='fi'/>
<video>
<model type='cirrus'/>
</video>
</devices>
</domain>
Sun, 16 Oct 2011 11:42:08 DEBUG Removing /var/lib/xen/virtinst-vmlinuz-PAE.iI_tC0
Sun, 16 Oct 2011 11:42:08 DEBUG Removing /var/lib/xen/virtinst-initrd-PAE.img.cpypw0
Sun, 16 Oct 2011 11:42:08 ERROR Domain not found: xenUnifiedDomainLookupByName
Sun, 16 Oct 2011 11:42:08 DEBUG Traceback (most recent call last):
File "/usr/bin/virt-install", line 620, in start_install
noboot=options.noreboot)
File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1223, in
start_install
noboot)
File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1291, in
_create_guest
dom = self.conn.createLinux(start_xml or final_xml, 0)
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2077, in
createLinux
if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: Domain not found: xenUnifiedDomainLookupByName
Sun, 16 Oct 2011 11:42:08 DEBUG Domain installation does not appear to have been
successful.
If it was, you can restart your domain by running:
virsh --connect xen:/// start f16test32
otherwise, please restart your installation.
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect xen:/// start f16test32
otherwise, please restart your installation.
-- Pasi
noon
On Sun, Oct 16, 2011 at 02:30:22PM +0300, Pasi Kärkkäinen wrote:
Hello,
I need to do "setenforce 0" before I'm able to install Xen VMs with LVM
volumes as disk backends..
Should I file a bugzilla entry about this?
Please do.
I've found out that if I use 'virt-manager' to 'create' the disk the
problem
disappears. So I wonder if the problem is that you (and me) use a
non-approved way of creating LVMs.
Perhaps some SELinux magic is required?
See here for an example about the issue:
# rpm -qa|grep -i xen
xen-licenses-4.1.1-8.fc16.x86_64
netxen-firmware-4.0.534-4.fc15.noarch
xen-libs-4.1.1-8.fc16.x86_64
xen-4.1.1-8.fc16.x86_64
xen-hypervisor-4.1.1-8.fc16.x86_64
xen-runtime-4.1.1-8.fc16.x86_64
# rpm -qa|grep -i selinux
libselinux-python-2.1.5-5.1.fc16.x86_64
libselinux-utils-2.1.5-5.1.fc16.x86_64
selinux-policy-3.10.0-40.fc16.noarch
libselinux-2.1.5-5.1.fc16.x86_64
selinux-policy-targeted-3.10.0-40.fc16.noarch
# getenforce
Enforcing
# uname -a
Linux f16.localdomain 3.1.0-0.rc9.git0.0.fc16.x86_64 #1 SMP Wed Oct 5 15:30:54 UTC 2011
x86_64 x86_64 x86_64 GNU/Linux
# xm list
Name ID Mem VCPUs State Time(s)
Domain-0 0 1024 4 r----- 74.0
# virt-install -d -n f16test32 -r 1024 --vcpus=2 -f /dev/vg_f16/f16test32 --vnc -p -l
"http://server.tld/fedora/mount-f16-final-tc1-i386/"
Sun, 16 Oct 2011 11:42:00 DEBUG Launched with command line:
/usr/bin/virt-install -d -n f16test32 -r 1024 --vcpus=2 -f /dev/vg_f16/f16test32 --vnc -p
-l http://server.tld/fedora/mount-f16-final-tc1-i386/
Sun, 16 Oct 2011 11:42:00 DEBUG Requesting libvirt URI default
Sun, 16 Oct 2011 11:42:01 DEBUG Received libvirt URI xen:///
Sun, 16 Oct 2011 11:42:01 DEBUG Requesting virt method 'xen', hv type
'default'.
Sun, 16 Oct 2011 11:42:01 DEBUG Received virt method 'xen'
Sun, 16 Oct 2011 11:42:01 DEBUG Hypervisor name is 'xen'
Sun, 16 Oct 2011 11:42:01 DEBUG --graphics compat generated: vnc
Sun, 16 Oct 2011 11:42:01 DEBUG DistroInstaller location is a network source.
Sun, 16 Oct 2011 11:42:01 DEBUG Attempting to detect distro:
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI:
http://server.tld/fedora/mount-f16-final-tc1-i386/.treeinfo
Sun, 16 Oct 2011 11:42:01 DEBUG Saved file to /var/tmp/virtinst-.treeinfo.Fx9zj5
Sun, 16 Oct 2011 11:42:01 DEBUG Guest.has_install_phase: True
Starting install...
Sun, 16 Oct 2011 11:42:01 DEBUG scratchdir=/var/lib/xen
Sun, 16 Oct 2011 11:42:01 DEBUG Attempting to detect distro:
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI:
http://server.tld/fedora/mount-f16-final-tc1-i386/.treeinfo
Sun, 16 Oct 2011 11:42:01 DEBUG Saved file to /var/lib/xen/virtinst-.treeinfo.tFlBQU
Retrieving file .treeinfo...
| 1.8 kB 00:00 ...
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI:
http://server.tld/fedora/mount-f16-final-tc1-i386/images/pxeboot/vmlinuz-PAE
Sun, 16 Oct 2011 11:42:01 DEBUG Saved file to
/var/lib/xen/virtinst-vmlinuz-PAE.iI_tC0
Retrieving file vmlinuz-PAE...
| 7.9 MB 00:00 ...
Sun, 16 Oct 2011 11:42:01 DEBUG Fetching URI:
http://server.tld/fedora/mount-f16-final-tc1-i386/images/pxeboot/initrd-P...
Sun, 16 Oct 2011 11:42:06 DEBUG Saved file to
/var/lib/xen/virtinst-initrd-PAE.img.cpypw0==================== ] 31 MB/s | 119 MB
00:00 ETA
Retrieving file initrd-PAE.img...
| 257 MB 00:04 ...
Sun, 16 Oct 2011 11:42:06 DEBUG Auto detected OS type as: linux
Sun, 16 Oct 2011 11:42:06 DEBUG Auto detected OS variant as: fedora16
Sun, 16 Oct 2011 11:42:06 DEBUG Have access to local system scratchdir so nothing to
upload
Sun, 16 Oct 2011 11:42:06 DEBUG Generated install XML:
<domain type='xen'>
<name>f16test32</name>
<uuid>3dafa790-e0e1-8ca9-da0c-4083336c3096</uuid>
<memory>1048576</memory>
<currentMemory>1048576</currentMemory>
<vcpu>2</vcpu>
<os>
<type arch='x86_64'>linux</type>
<kernel>/var/lib/xen/virtinst-vmlinuz-PAE.iI_tC0</kernel>
<initrd>/var/lib/xen/virtinst-initrd-PAE.img.cpypw0</initrd>
<cmdline>method=http://server.tld/fedora/mount-f16-final-tc1-i386/</cmdline>
</os>
<features>
<acpi/><apic/>
</features>
<on_poweroff>destroy</on_poweroff>
<on_reboot>destroy</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<disk type='block' device='disk'>
<source dev='/dev/vg_f16/f16test32'/>
<target dev='xvda' bus='xen'/>
</disk>
<interface type='network'>
<source network='default'/>
<mac address='00:16:3e:12:3c:49'/>
</interface>
<input type='mouse' bus='xen'/>
<graphics type='vnc' port='-1' keymap='fi'/>
<video>
<model type='cirrus'/>
</video>
</devices>
</domain>
Sun, 16 Oct 2011 11:42:06 DEBUG Generated boot XML:
<domain type='xen'>
<name>f16test32</name>
<uuid>3dafa790-e0e1-8ca9-da0c-4083336c3096</uuid>
<memory>1048576</memory>
<currentMemory>1048576</currentMemory>
<vcpu>2</vcpu>
<bootloader>/usr/bin/pygrub</bootloader>
<features>
<acpi/><apic/>
</features>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<disk type='block' device='disk'>
<source dev='/dev/vg_f16/f16test32'/>
<target dev='xvda' bus='xen'/>
</disk>
<interface type='network'>
<source network='default'/>
<mac address='00:16:3e:12:3c:49'/>
</interface>
<input type='mouse' bus='xen'/>
<graphics type='vnc' port='-1' keymap='fi'/>
<video>
<model type='cirrus'/>
</video>
</devices>
</domain>
Sun, 16 Oct 2011 11:42:08 DEBUG Removing /var/lib/xen/virtinst-vmlinuz-PAE.iI_tC0
Sun, 16 Oct 2011 11:42:08 DEBUG Removing /var/lib/xen/virtinst-initrd-PAE.img.cpypw0
Sun, 16 Oct 2011 11:42:08 ERROR Domain not found: xenUnifiedDomainLookupByName
Sun, 16 Oct 2011 11:42:08 DEBUG Traceback (most recent call last):
File "/usr/bin/virt-install", line 620, in start_install
noboot=options.noreboot)
File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1223, in
start_install
noboot)
File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1291, in
_create_guest
dom = self.conn.createLinux(start_xml or final_xml, 0)
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2077, in
createLinux
if ret is None:raise libvirtError('virDomainCreateLinux() failed',
conn=self)
libvirtError: Domain not found: xenUnifiedDomainLookupByName
Sun, 16 Oct 2011 11:42:08 DEBUG Domain installation does not appear to have been
successful.
If it was, you can restart your domain by running:
virsh --connect xen:/// start f16test32
otherwise, please restart your installation.
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect xen:/// start f16test32
otherwise, please restart your installation.
-- Pasi
--
xen mailing list
xen(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/xen
12:40 p.m.
On Sun, 16 Oct 2011 14:30:22 +0300
Pasi Kärkkäinen <pasik(a)iki.fi> wrote:
Hello,
I need to do "setenforce 0" before I'm able to install Xen VMs with
LVM volumes as disk backends.. Should I file a bugzilla entry about
this?
I wonder if you're hitting the same thing that I filed last week:
- 745996 - AVC denials preventing start of Xen domain [1]
I'm generating my DomUs outside of Xen, so I don't see it at install
time but I'm wondering if they might be related.
Are the AVC denials the same as the ones I listed there?
Tim
[1] https://bugzilla.redhat.com/show_bug.cgi?id=745996
8:50 a.m.
New subject: F16 Xen dom0 SElinux problems with LVM volumes for domUs
On Mon, Oct 17, 2011 at 11:40:01AM -0600, Tim Flink wrote:
On Sun, 16 Oct 2011 14:30:22 +0300
Pasi Kärkkäinen <pasik(a)iki.fi> wrote:
> Hello,
>
> I need to do "setenforce 0" before I'm able to install Xen VMs with
> LVM volumes as disk backends.. Should I file a bugzilla entry about
> this?
I wonder if you're hitting the same thing that I filed last week:
- 745996 - AVC denials preventing start of Xen domain [1]
I'm generating my DomUs outside of Xen, so I don't see it at install
time but I'm wondering if they might be related.
Are the AVC denials the same as the ones I listed there?
Tim
[1] https://bugzilla.redhat.com/show_bug.cgi?id=745996
Hey,
While running virt-install I get this in audit.log:
type=AVC msg=audit(1320149119.737:90): avc: denied { read write } for pid=2591
comm="qemu-dm" name="ptmx" dev=devtmpfs ino=1121
scontext=system_u:system_r:qemu_dm_t:s0 tcontext=system_u:object_r:ptmx_t:s0
tclass=chr_file
type=SYSCALL msg=audit(1320149119.737:90): arch=c000003e syscall=2 success=no exit=-13
a0=7f695a69f28d a1=2 a2=0 a3=7fff366862e0 items=0 ppid=1148 pid=2591 auid=4294967295 uid=0
gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="qemu-dm" exe="/usr/lib/xen/bin/qemu-dm"
subj=system_u:system_r:qemu_dm_t:s0 key=(null)
type=ANOM_PROMISCUOUS msg=audit(1320149119.932:91): dev=vif3.0 prom=256 old_prom=0
auid=4294967295 uid=0 gid=0 ses=4294967295
type=SYSCALL msg=audit(1320149119.932:91): arch=c000003e syscall=16 success=yes exit=0
a0=3 a1=89a2 a2=7fffff760a30 a3=7fffff760790 items=0 ppid=2662 pid=2698 auid=4294967295
uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295
comm="brctl" exe="/usr/sbin/brctl"
subj=system_u:system_r:brctl_t:s0-s0:c0.c1023 key=(null)
And this error from virt-install:
Tue, 01 Nov 2011 14:05:20 DEBUG Removing /var/lib/xen/virtinst-vmlinuz.Gt3BQs
Tue, 01 Nov 2011 14:05:20 DEBUG Removing /var/lib/xen/virtinst-initrd.img.8Jx2yN
Tue, 01 Nov 2011 14:05:20 ERROR Domain not found: xenUnifiedDomainLookupByName
Tue, 01 Nov 2011 14:05:20 DEBUG Traceback (most recent call last):
File "/usr/bin/virt-install", line 620, in start_install
noboot=options.noreboot)
File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1223, in
start_install
noboot)
File "/usr/lib/python2.7/site-packages/virtinst/Guest.py", line 1291, in
_create_guest
dom = self.conn.createLinux(start_xml or final_xml, 0)
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 2077, in
createLinux
if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: Domain not found: xenUnifiedDomainLookupByName
Tue, 01 Nov 2011 14:05:20 DEBUG Domain installation does not appear to have been
successful.
If it was, you can restart your domain by running:
virsh --connect xen:/// start f16foo
otherwise, please restart your installation.
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect xen:/// start f16foo
otherwise, please restart your installation.
So it looks different to your errors.. I'll file a new bug.
-- Pasi
9:22 a.m.
New subject: F16 Xen dom0 SElinux problems with LVM volumes for domUs
On Tue, Nov 01, 2011 at 03:50:32PM +0200, Pasi Kärkkäinen wrote:
On Mon, Oct 17, 2011 at 11:40:01AM -0600, Tim Flink wrote:
> On Sun, 16 Oct 2011 14:30:22 +0300
> Pasi Kärkkäinen <pasik(a)iki.fi> wrote:
>
> > Hello,
> >
> > I need to do "setenforce 0" before I'm able to install Xen VMs
with
> > LVM volumes as disk backends.. Should I file a bugzilla entry about
> > this?
>
> I wonder if you're hitting the same thing that I filed last week:
> - 745996 - AVC denials preventing start of Xen domain [1]
>
> I'm generating my DomUs outside of Xen, so I don't see it at install
> time but I'm wondering if they might be related.
>
> Are the AVC denials the same as the ones I listed there?
>
> Tim
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=745996
So it looks different to your errors.. I'll file a new bug.
Done:
"SElinux prevents installation of Xen PV domU with virt-install or
virt-manager":
https://bugzilla.redhat.com/show_bug.cgi?id=750535
Is the component "xen" correct one for that bug?
-- Pasi
4553
days inactive
4569
days old
4 comments
3 participants
participants (3)
-
Konrad Rzeszutek Wilk -
Pasi Kärkkäinen -
Tim Flink