Bug 1631033

Summary: Silverblue 29 /etc/libvirt has wrong selinux label
Product: [Fedora] Fedora
Component: selinux-policy
Version: 29
Hardware: x86_64
OS: Linux
Status: CLOSED ERRATA
Severity: high
Priority: medium
Reporter: M. Edward (Ed) Borasky <znmeb>
Assignee: Lukas Vrabec <lvrabec>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: andrew.d.strutt, antonio, bbreard, berrange, crobinso, dustymabe, dwalsh, fedora, lvrabec, mgrepl, plautrba, walters, znmeb, zpytela
Fixed In Version: selinux-policy-3.14.2-53.fc29
Last Closed: 2019-04-08 01:53:03 UTC
Type: Bug
Attachments: log of gnome-boxes install

Description M. Edward (Ed) Borasky 2018-09-19 19:25:19 UTC
Description of problem: I can't create a virtual machine with Virtual Machine Manager on Silverblue 29. The same ISO works in GNOME Boxes.


Version-Release number of selected component (if applicable):
[znmeb@Silverblue ~]$ virt-manager --version
1.6.0


How reproducible: always


Steps to Reproduce:
1. Install Virtual Machine Manager
2. Try to create a virtual machine using the Fedora 29 "Everything" netinst ISO file.


Actual results: The setup proceeds to the "Install or cancel" box at the end. When you click "Install" you get an error message:

Unable to complete install: 'Cannot recv data: Connection reset by peer'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/create.py", line 2559, in _do_async_install
    guest.start_install(meter=meter)
  File "/usr/share/virt-manager/virtinst/guest.py", line 465, in start_install
    doboot, transient)
  File "/usr/share/virt-manager/virtinst/guest.py", line 401, in _create_guest
    domain = self.conn.createXML(install_xml or final_xml, 0)
  File "/usr/lib64/python3.7/site-packages/libvirt.py", line 3718, in createXML
    if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self)
libvirt.libvirtError: Cannot recv data: Connection reset by peer




Expected results: an install dialogue


Additional info:

Comment 1 M. Edward (Ed) Borasky 2018-09-23 20:50:50 UTC
Virtual Machine Manager is working now. I think there may be a missing dependency in the install. The issue went away when I installed GNOME Boxes with rpm-ostree instead of Flatpak.

Comment 2 M. Edward (Ed) Borasky 2018-09-23 21:29:16 UTC
I just ran a test - uninstall both gnome-boxes and virt-manager, then install virt-manager. virt-manager comes up, but it doesn't even see libvirt! 

Unable to connect to libvirt qemu:///system.

Verify that the 'libvirtd' daemon is running.

Libvirt URI is: qemu:///system

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/connection.py", line 1011, in _do_open
    self._backend.open(self._do_creds_password)
  File "/usr/share/virt-manager/virtinst/connection.py", line 136, in open
    open_flags)
  File "/usr/lib64/python3.7/site-packages/libvirt.py", line 104, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirt.libvirtError: Failed to connect socket to '/var/run/libvirt/libvirt-sock': No such file or directory



Why? It's not installing libvirt (or the qemu pieces, it looks like):

$ sudo rpm-ostree install virt-manager
Checking out tree a1d5676... done
Enabled rpm-md repositories: updates updates-testing fedora
Updating metadata for 'updates': [=============] 100%
rpm-md repo 'updates'; generated: 2018-02-20 19:18:14
Updating metadata for 'updates-testing': [=============] 100%
rpm-md repo 'updates-testing'; generated: 2018-09-22 19:56:12
Updating metadata for 'fedora': [=============] 100%
rpm-md repo 'fedora'; generated: 2018-09-22 10:13:44
Importing metadata [=============] 100%
Resolving dependencies... done
Checking out packages (91/91) [=============] 100%
Running pre scripts... 3 done
Running post scripts... 26 done
Writing rpmdb... done
Writing OSTree commit... done
Freed: 44.4 MB (pkgcache branches: 0)
Added:
  cyrus-sasl-2.1.27-0.3rc7.fc29.x86_64
  genisoimage-1.1.11-40.fc29.x86_64
  gtk-vnc2-0.9.0-2.fc29.x86_64
  gvnc-0.9.0-2.fc29.x86_64
  libcacard-3:2.6.1-1.fc29.x86_64
  libphodav-2.2-3.fc29.x86_64
  libssh2-1.8.0-8.fc29.x86_64
  libusal-1.1.11-40.fc29.x86_64
  libvirt-glib-1.0.0-7.fc29.x86_64
  libvirt-libs-4.7.0-1.fc29.x86_64
  libwsman1-2.6.5-8.fc29.x86_64
  nmap-ncat-2:7.70-4.fc29.x86_64
  numactl-libs-2.0.12-1.fc29.x86_64
  python3-libvirt-4.7.0-1.fc29.x86_64
  spice-glib-0.35-3.fc29.x86_64
  spice-gtk3-0.35-3.fc29.x86_64
  usbredir-0.8.0-1.fc29.x86_64
  virt-manager-1.6.0-1.3.git3bc7ff24c.fc29.noarch
  virt-manager-common-1.6.0-1.3.git3bc7ff24c.fc29.noarch
Run "systemctl reboot" to start a reboot

Now install gnome-boxes (attached) and reboot. I can create virtual machines with virt-manager again.

Comment 3 M. Edward (Ed) Borasky 2018-09-23 21:33:50 UTC
Created attachment 1486258 [details]
log of gnome-boxes install

Comment 4 Colin Walters 2018-12-07 15:13:45 UTC
Do you have any SELinux denials in `/var/log/audit/audit.log`?

Also look at `journalctl -b -u libvirtd` and `systemctl status virtlogd`.

I think I hit this too and fixed it with
`restorecon -Rnv /etc/libvirt` or so; can't remember exactly.  Which is clearly a bug but not sure where yet.

Comment 5 Colin Walters 2018-12-07 15:16:11 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=1456059

Comment 6 Ben Breard 2018-12-07 15:28:08 UTC
I see this in the journal for libvirtd

Dec 07 09:00:58 camacho.local libvirtd[1031]: 2018-12-07 15:00:58.526+0000: 1050: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, )
Dec 07 09:00:58 camacho.local libvirtd[1031]: 2018-12-07 15:00:58.526+0000: 1050: info : hostname: camacho.local
Dec 07 09:00:58 camacho.local libvirtd[1031]: 2018-12-07 15:00:58.526+0000: 1050: error : virNetSocketReadWire:1790 : Cannot recv data: Connection reset by peer
Dec 07 09:00:58 camacho.local libvirtd[1031]: 2018-12-07 15:00:58.527+0000: 1050: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused
Dec 07 09:03:58 camacho.local libvirtd[1031]: 2018-12-07 15:03:58.103+0000: 1051: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused
Dec 07 09:03:58 camacho.local libvirtd[1031]: 2018-12-07 15:03:58.103+0000: 1051: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused
Dec 07 09:04:50 camacho.local libvirtd[1031]: 2018-12-07 15:04:50.063+0000: 1052: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused
Dec 07 09:04:50 camacho.local libvirtd[1031]: 2018-12-07 15:04:50.063+0000: 1052: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused


As usual you're right, the culprit lies here:
Dec 07 09:00:58 camacho.local virtlogd[31484]: 2018-12-07 15:00:58.524+0000: 31484: info : hostname: camacho.local
Dec 07 09:00:58 camacho.local virtlogd[31484]: 2018-12-07 15:00:58.524+0000: 31484: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/>
Dec 07 09:00:58 camacho.local systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE
Dec 07 09:00:58 camacho.local systemd[1]: virtlogd.service: Failed with result 'exit-code'.
Dec 07 09:00:58 camacho.local systemd[1]: virtlogd.service: Start request repeated too quickly.
Dec 07 09:00:58 camacho.local systemd[1]: virtlogd.service: Failed with result 'exit-code'.
Dec 07 09:00:58 camacho.local systemd[1]: Failed to start Virtual machine log manager.

type=AVC msg=audit(1544196386.380:770): avc:  denied  { search } for  pid=867 comm="virtlogd" name="libvirt" dev="dm-1" ino=2491591 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0

Comment 7 Micah Abbott 2018-12-07 16:13:01 UTC
I reproduced this in a VM running Silverblue 29.

The culprit seems to be SELinux denials when trying to open `/etc/libvirt/virtlogd.conf`?



$ sudo journalctl -b -u libvirtd --no-pager
-- Logs begin at Fri 2018-12-07 10:30:44 EST, end at Fri 2018-12-07 11:08:17 EST. --
Dec 07 10:46:09 localhost.localdomain systemd[1]: Starting Virtualization daemon...
Dec 07 10:46:10 localhost.localdomain systemd[1]: Started Virtualization daemon.
Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: started, version 2.79 cachesize 150
Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify
Dec 07 10:46:13 localhost.localdomain dnsmasq-dhcp[1112]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h
Dec 07 10:46:13 localhost.localdomain dnsmasq-dhcp[1112]: DHCP, sockets bound exclusively to interface virbr0
Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: reading /etc/resolv.conf
Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: using nameserver 192.168.124.1#53
Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: read /etc/hosts - 2 addresses
Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Dec 07 10:46:13 localhost.localdomain dnsmasq-dhcp[1112]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Dec 07 10:49:52 localhost.localdomain systemd[1]: Stopping Virtualization daemon...
Dec 07 10:49:52 localhost.localdomain systemd[1]: Stopped Virtualization daemon.
Dec 07 10:49:52 localhost.localdomain systemd[1]: libvirtd.service: Found left-over process 1112 (dnsmasq) in control group while starting unit. Ignoring.
Dec 07 10:49:52 localhost.localdomain systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Dec 07 10:49:52 localhost.localdomain systemd[1]: libvirtd.service: Found left-over process 1113 (dnsmasq) in control group while starting unit. Ignoring.
Dec 07 10:49:52 localhost.localdomain systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Dec 07 10:49:52 localhost.localdomain systemd[1]: Starting Virtualization daemon...
Dec 07 10:49:52 localhost.localdomain systemd[1]: Started Virtualization daemon.
Dec 07 10:49:52 localhost.localdomain dnsmasq[1112]: read /etc/hosts - 2 addresses
Dec 07 10:49:52 localhost.localdomain dnsmasq[1112]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Dec 07 10:49:52 localhost.localdomain dnsmasq-dhcp[1112]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Dec 07 11:01:10 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:10.934+0000: 2742: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, )
Dec 07 11:01:10 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:10.934+0000: 2742: info : hostname: localhost.localdomain
Dec 07 11:01:10 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:10.934+0000: 2742: error : virQEMUCapsCacheLookupDefault:5006 : invalid argument: KVM is not supported by '/usr/bin/qemu-kvm' on this host
Dec 07 11:01:11 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:11.151+0000: 2738: error : virQEMUCapsCacheLookupDefault:5006 : invalid argument: KVM is not supported by '/usr/bin/qemu-kvm' on this host
Dec 07 11:01:40 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:40.171+0000: 2739: error : qemuProcessUpdateGuestCPU:5736 : unsupported configuration: CPU mode 'custom' for x86_64 kvm domain on x86_64 host is not supported by hypervisor
Dec 07 11:01:40 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:40.420+0000: 2739: error : virNetSocketReadWire:1790 : Cannot recv data: Connection reset by peer
Dec 07 11:01:53 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:53.640+0000: 2741: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused
Dec 07 11:01:53 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:53.640+0000: 2741: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused



$ sudo journalctl -b -u virtlogd --no-pager
-- Logs begin at Fri 2018-12-07 10:30:44 EST, end at Fri 2018-12-07 11:08:32 EST. --
Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager.
Dec 07 11:01:40 localhost.localdomain virtlogd[4331]: 2018-12-07 16:01:40.222+0000: 4331: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, )
Dec 07 11:01:40 localhost.localdomain virtlogd[4331]: 2018-12-07 16:01:40.222+0000: 4331: info : hostname: localhost.localdomain
Dec 07 11:01:40 localhost.localdomain virtlogd[4331]: 2018-12-07 16:01:40.222+0000: 4331: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'.
Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager.
Dec 07 11:01:40 localhost.localdomain virtlogd[4332]: 2018-12-07 16:01:40.274+0000: 4332: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, )
Dec 07 11:01:40 localhost.localdomain virtlogd[4332]: 2018-12-07 16:01:40.274+0000: 4332: info : hostname: localhost.localdomain
Dec 07 11:01:40 localhost.localdomain virtlogd[4332]: 2018-12-07 16:01:40.274+0000: 4332: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'.
Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager.
Dec 07 11:01:40 localhost.localdomain virtlogd[4333]: 2018-12-07 16:01:40.343+0000: 4333: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, )
Dec 07 11:01:40 localhost.localdomain virtlogd[4333]: 2018-12-07 16:01:40.343+0000: 4333: info : hostname: localhost.localdomain
Dec 07 11:01:40 localhost.localdomain virtlogd[4333]: 2018-12-07 16:01:40.343+0000: 4333: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'.
Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager.
Dec 07 11:01:40 localhost.localdomain virtlogd[4334]: 2018-12-07 16:01:40.377+0000: 4334: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, )
Dec 07 11:01:40 localhost.localdomain virtlogd[4334]: 2018-12-07 16:01:40.377+0000: 4334: info : hostname: localhost.localdomain
Dec 07 11:01:40 localhost.localdomain virtlogd[4334]: 2018-12-07 16:01:40.377+0000: 4334: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'.
Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager.
Dec 07 11:01:40 localhost.localdomain virtlogd[4335]: 2018-12-07 16:01:40.416+0000: 4335: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, )
Dec 07 11:01:40 localhost.localdomain virtlogd[4335]: 2018-12-07 16:01:40.416+0000: 4335: info : hostname: localhost.localdomain
Dec 07 11:01:40 localhost.localdomain virtlogd[4335]: 2018-12-07 16:01:40.416+0000: 4335: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'.
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Start request repeated too quickly.
Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'.
Dec 07 11:01:40 localhost.localdomain systemd[1]: Failed to start Virtual machine log manager.


$ sudo journalctl -b | grep avc.*denied
Dec 07 11:01:40 localhost.localdomain audit[4331]: AVC avc:  denied  { search } for  pid=4331 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 localhost.localdomain audit[4331]: AVC avc:  denied  { search } for  pid=4331 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 localhost.localdomain audit[4332]: AVC avc:  denied  { search } for  pid=4332 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 localhost.localdomain audit[4332]: AVC avc:  denied  { search } for  pid=4332 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 localhost.localdomain audit[4333]: AVC avc:  denied  { search } for  pid=4333 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 localhost.localdomain audit[4333]: AVC avc:  denied  { search } for  pid=4333 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 localhost.localdomain audit[4334]: AVC avc:  denied  { search } for  pid=4334 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 localhost.localdomain audit[4334]: AVC avc:  denied  { search } for  pid=4334 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 localhost.localdomain audit[4335]: AVC avc:  denied  { search } for  pid=4335 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 localhost.localdomain audit[4335]: AVC avc:  denied  { search } for  pid=4335 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0


$ sudo ls -lZ /etc/libvirt/virtlogd.conf
-rw-r--r--. 1 root root system_u:object_r:virtlogd_etc_t:s0 3247 Dec  7 10:45 /etc/libvirt/virtlogd.conf


$ sudo restorecon -Rnv /etc/libvirt
Would relabel /etc/libvirt from system_u:object_r:virt_etc_rw_t:s0 to system_u:object_r:virt_etc_t:s0


After running the `restorecon` and restarting libvirtd/virtlogd, I was able to get past the error.
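
The diagnosis in the comment above pairs each AVC denial with a path that `restorecon -Rnv` would relabel. As an added example (not part of the original report and not code from any project named here), the script below automates that pairing. The sample input is constructed from the output quoted in this report, plus one hypothetical denial on `example.conf` to show the unmatched case; the function names are assumptions of the example.

```shell
#!/bin/sh
# Constructed sample input: three denials modelled on this report (journal and
# audit.log formats), one hypothetical denial (example.conf), one unrelated line.
SAMPLE_JOURNAL='Dec 07 11:01:40 host audit[4331]: AVC avc:  denied  { search } for  pid=4331 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:01:40 host audit[4332]: AVC avc:  denied  { search } for  pid=4332 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
type=AVC msg=audit(1544196386.380:770): avc:  denied  { search } for  pid=867 comm="virtlogd" name="libvirt" dev="dm-1" ino=2491591 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
Dec 07 11:02:05 host audit[4400]: AVC avc:  denied  { read open } for  pid=4400 comm="virtlogd" name="example.conf" dev="dm-0" ino=1 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file permissive=0
Dec 07 11:01:40 host systemd[1]: Failed to start Virtual machine log manager.'

# Constructed from the restorecon dry-run output quoted in this report.
SAMPLE_RELABEL='Would relabel /etc/libvirt from system_u:object_r:virt_etc_rw_t:s0 to system_u:object_r:virt_etc_t:s0'

# Collapse repeated AVC denials on stdin into one line per distinct denial:
#   COUNT COMM PERMS SOURCE_TYPE TARGET_TYPE CLASS NAME
# Assumes comm= and name= values contain no spaces.
summarize_avc() {
    awk '
    function unq(f) { sub(/^[^=]*=/, "", f); gsub(/"/, "", f); return f }
    /avc:[ ]+denied/ {
        lb = index($0, "{"); rb = index($0, "}")
        if (lb == 0 || rb < lb) next
        perms = substr($0, lb + 1, rb - lb - 1)
        gsub(/^ +| +$/, "", perms); gsub(/ +/, ",", perms)
        comm = name = s = t = cls = "?"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^comm=/)          comm = unq($i)
            else if ($i ~ /^name=/)     name = unq($i)
            else if ($i ~ /^tclass=/)   cls  = unq($i)
            else if ($i ~ /^scontext=/) { split($i, a, ":"); s = a[3] }
            else if ($i ~ /^tcontext=/) { split($i, a, ":"); t = a[3] }
        }
        n[comm " " perms " " s " " t " " cls " " name]++
    }
    END { for (k in n) print n[k], k }' | LC_ALL=C sort
}

# Turn "restorecon -Rnv" dry-run output on stdin into: PATH CURRENT_TYPE POLICY_TYPE
# Assumes paths contain no spaces.
relabel_plan() {
    awk '$1 == "Would" && $2 == "relabel" && $4 == "from" && $6 == "to" {
        split($5, a, ":"); split($7, b, ":"); print $3, a[3], b[3]
    }'
}

# For each distinct denial, report whether a pending relabel accounts for it:
# the denied target type must equal the current type of a path whose last
# component is the denial name= value.
#   $1 = journal or audit.log text, $2 = restorecon -Rnv output
explain_denials() {
    plan=$(printf '%s\n' "$2" | relabel_plan)
    printf '%s\n' "$1" | summarize_avc |
    while read -r n comm perms stype ttype cls name; do
        hit=$(printf '%s\n' "$plan" | awk -v t="$ttype" -v n="$name" '
            { base = $1; sub(/.*\//, "", base) }
            $2 == t && base == n { print $1 " " $3; exit }')
        if [ -n "$hit" ]; then
            printf 'MISLABEL %s %s->%s %s:%s:%s x%s\n' \
                "${hit% *}" "$ttype" "${hit#* }" "$stype" "$perms" "$cls" "$n"
        else
            printf 'UNEXPLAINED %s %s %s:%s:%s x%s\n' \
                "$name" "$ttype" "$stype" "$perms" "$cls" "$n"
        fi
    done
}

explain_denials "$SAMPLE_JOURNAL" "$SAMPLE_RELABEL"
```

On a live host, pass `"$(sudo journalctl -b)"` and `"$(sudo restorecon -Rnv /etc/libvirt)"` as the two arguments. A `MISLABEL` line points at a labeling problem that `restorecon` would correct, while an `UNEXPLAINED` line needs a separate look at the policy.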

Comment 8 Antonio Insuasti 2018-12-16 22:56:28 UTC
I have the same error on Fedora Silverblue on my laptop:

Dec 16 17:32:33 x11SilverBlue.insuasti.ec virtlogd[3529]: 2018-12-16 22:32:33.610+0000: 3529: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf

This confirms that SELinux is denying access to /etc/libvirt/virtlogd.conf

Dec 16 17:32:33 x11SilverBlue.insuasti.ec audit[3529]: AVC avc:  denied  { search } for  pid=3529 comm="virtlogd" name="libvirt" dev="dm-1" ino=950350 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0


My solution for now is:

$ sudo setenforce 0 
$ sudo systemctl restart virtlogd 
$ sudo systemctl restart libvirtd

Comment 9 Colin Walters 2018-12-18 18:31:39 UTC
Please use:

restorecon -Rv /etc/libvirt

As a workaround for this for now.

Comment 10 Dusty Mabe 2019-01-04 02:17:09 UTC
I just hit this myself.

What is the actual bug here? Is it a libvirt bug? Is it an ostree bug? How do we get it resolved in the future?

Comment 11 M. Edward (Ed) Borasky 2019-01-04 02:42:25 UTC
> I just hit this myself.
> 
> What is the actual bug here? Is it a libvirt bug? Is it an ostree bug? How
> do we get it resolved in the future?

I'd have to redo my troubleshooting, but my recollection is that it worked on Silverblue 28 because `gnome-boxes` was there and pulled in all the required dependencies. I think `virt-manager` works on Silverblue 29 *if* you have `gnome-boxes` installed as well. I think the fix is to figure out which dependencies are missing from the `virt-manager` RPM. But this is all from memory; I don't have a test rig set up at the moment.

Comment 12 Dusty Mabe 2019-01-04 15:51:08 UTC
The issue for me was the fact that the /etc/libvirt directory had the wrong selinux label. I don't think the issue I was having was a dependency issue unless installing other things caused the directory to get labeled properly.

Comment 13 M. Edward (Ed) Borasky 2019-01-04 19:51:55 UTC
(In reply to Dusty Mabe from comment #12)
> The issue for me was the fact that the /etc/libvirt directory had the wrong
> selinux label. I don't think the issue I was having was a dependency issue
> unless installing other things caused the directory to get labeled properly.

When I ran into it, it was during the beta for Silverblue 29 and I was doing a bunch of testing. I'll try to reproduce it on a fresh Silverblue 29 VM later today and see if my symptom is fixed.

Comment 14 Andrew Strutt 2019-02-08 15:42:46 UTC
Confirmed this to be an issue past Fedora 27, virt-lib is unable to connect to any remote KVM/libvirt servers over ssh. 

Fedora 28 - Confirmed
Fedora 29 - Confirmed

I had to revert my Fedora Workstation for Administrator Tasks back to Fedora 27 to be able to use Virtual Machine Manager.

Trying some of the work-arounds has no effect for me.

SELinux disabled, no change.

$ sudo setenforce 0 
$ sudo systemctl restart virtlogd 
$ sudo systemctl restart libvirtd

Done on the host, and the client. 

restorecon -Rv /etc/libvirt

Done on the client, no change.

Comment 16 Cole Robinson 2019-03-25 18:36:16 UTC
From the last comments this sounds like an selinux issue, not sure if libvirtd is at fault here

Comment 17 Lukas Vrabec 2019-03-26 14:14:06 UTC
commit 58e99ba8a7f1f588726319a4bb33801aeaa7ad10
Author: Lukas Vrabec <lvrabec>
Date:   Tue Mar 26 15:08:02 2019 +0100

    Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t

Comment 18 Daniel Berrangé 2019-03-26 14:23:32 UTC
Giving virtlogd permission to create files in /etc/ doesn't sound right to me. The AVCs were just for "search" permission.  The only files virtlogd should be creating are under /var/log and /var/run, it merely needs read access to /etc/libvirt AFAIR

Comment 19 Colin Walters 2019-03-26 23:35:35 UTC
I think this is probably a bug in libostree's SELinux handling, but it needs some investigation.

Comment 20 Fedora Update System 2019-04-05 17:27:59 UTC
selinux-policy-3.14.2-53.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf377d92c7

Comment 21 Fedora Update System 2019-04-06 20:51:16 UTC
selinux-policy-3.14.2-53.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf377d92c7

Comment 22 Fedora Update System 2019-04-08 01:53:03 UTC
selinux-policy-3.14.2-53.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

Comment 23 Andrew Strutt 2019-04-15 21:57:25 UTC
Package selinux-policy-3.14.2-54.fc29.noarch is installed now.

No change.

error:

Unable to connect to libvirt qemu+ssh://root.XXX.XXX/system.

Cannot recv data: packet_write_wait: Connection to XXX.XXX.XXX.XXX port 22: Broken pipe: Connection reset by peer

Verify that the 'libvirtd' daemon is running on the remote host.

Libvirt URI is: qemu+ssh://root.XXX.XXX/system

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/connection.py", line 1012, in _do_open
    self._backend.open(connectauth.creds_dialog, self)
  File "/usr/share/virt-manager/virtinst/connection.py", line 138, in open
    open_flags)
  File "/usr/lib64/python3.7/site-packages/libvirt.py", line 104, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirt.libvirtError: Cannot recv data: packet_write_wait: Connection to XXX.XXX.XXX.XXX port 22: Broken pipe: Connection reset by peer

Host is CentOS 7.6. Works perfectly with previous versions of Fedora.