This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours

Bug 516430

Summary: libvirt cannot re-label a disk image under an NTFS partition
Product: [Fedora] Fedora Reporter: Hedayat Vatankhah <hedayatv>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: medium    
Version: 11CC: apevec, berrange, clalance, crobinso, dwalsh, hbrock, itamar, jforbes, markmc, mgrepl, veillard, virt-maint
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-10-09 06:20:18 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On:    
Bug Blocks: 480594    
Attachments:
Description Flags
VirtManager log file
none
Guest log (/var/lib/libvirt/qemu/$guest.log) none

Description Hedayat Vatankhah 2009-08-09 12:10:47 EDT
Description of problem:
I can create a (raw or qcow2) disk image on an NTFS partition, but when I tell virt-manager to use such a disk image, it generates the following exception when it is creating domain (I'm trying to create a KVM virtual machine): 

Unable to complete install '<class 'libvirt.libvirtError'> internal error Domain Windows7 didn't show up

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/create.py", line 1501, in do_install
    dom = guest.start_install(False, meter = meter)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 541, in start_install
    return self._do_install(consolecb, meter, removeOld, wait)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 633, in _do_install
    self.domain = self.conn.createLinux(install_xml, 0)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 974, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error Domain Windows7 didn't show up

'

If I use a disk image under ext4 with all other things the same; virt-manager doesn't have any problem and the virtual system boots fine. 

Version-Release number of selected component (if applicable):
virt-manager-0.7.0-5.fc11.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Start creating a new virtual machine (I want to create a Windows virtual machine)
2. Select a Windows installation iso (I used a beta Windows 7 iso)
3. In the hard disk configuration section, use custom settings and create a disk image file under a NTFS partition. (The directory should be added to the list of available file system pools before step 1 using Host Details configuration panel). (I didn't use full pre-allocation).
3. Go ahead and finally press Finish button
  
Actual results:
virt-manager will show the mentioned exception while creating the machine.

Expected results:
The new machine should be created and boot fine
Comment 1 Mark McLoughlin 2009-08-11 14:20:22 EDT
Could you include ~/.virt-manager/virt-manager.log, /var/log/libvirt/qemu/$guest.log and any SELinux errors you're seeing?

See also:

  http://fedoraproject.org/wiki/Reporting_virtualization_bugs
Comment 2 Hedayat Vatankhah 2009-08-13 04:08:59 EDT
OK, Notice: If I set selinux to permissive mode, I can create the virtual machine and setroubleshoot shows me some alerts. But when SELinux is in Enforcing mode, the mentioned error occures without any alerts by SETroubleShoot application.

This is the contents of /var/log/messages after pressing Finish button: (which includes an SELinux related error)

Aug 13 12:33:11 localhost libvirtd: 12:33:11.213: error : Domain not found
Aug 13 12:33:11 localhost libvirtd: 12:33:11.227: error : Domain not found
Aug 13 12:33:11 localhost libvirtd: 12:33:11.628: error : Domain not found
Aug 13 12:33:11 localhost libvirtd: 12:33:11.637: error : Domain not found
Aug 13 12:33:12 localhost kernel: device vnet0 entered promiscuous mode
Aug 13 12:33:12 localhost kernel: virbr0: topology change detected, propagating
Aug 13 12:33:12 localhost kernel: virbr0: port 1(vnet0) entering forwarding state

Aug 13 12:33:12 localhost libvirtd: 12:33:12.033: error : SELinuxSetFilecon: unable to set security context 'system_u:object_r:svirt_image_t:s0:c124,c423' on /media/SW_Preload/AppInstall/Fedora/test.img: Operation not supported.
Aug 13 12:33:12 localhost libvirtd: 12:33:12.034: error : internal error Failed to set security label

Aug 13 12:33:12 localhost NetworkManager: nm_device_ethernet_new: assertion `driver != NULL' failed
Aug 13 12:33:13 localhost avahi-daemon[1440]: Registering new address record for fe80::7c2e:c6ff:fead:2ae4 on vnet0.*.
Aug 13 12:33:16 localhost nm-system-settings: Added default wired connection 'Auto vnet0' for /org/freedesktop/Hal/devices/net_7e_2e_c6_ad_2a_e4
Aug 13 12:33:22 localhost libvirtd: 12:33:22.054: error : internal error Domain Test didn't show up#012
Aug 13 12:33:22 localhost avahi-daemon[1440]: Withdrawing address record for fe80::7c2e:c6ff:fead:2ae4 on vnet0.
Aug 13 12:33:22 localhost kernel: virbr0: port 1(vnet0) entering disabled state
Aug 13 12:33:22 localhost kernel: device vnet0 left promiscuous mode
Aug 13 12:33:22 localhost kernel: virbr0: port 1(vnet0) entering disabled state
Comment 3 Hedayat Vatankhah 2009-08-13 04:13:42 EDT
Created attachment 357283 [details]
VirtManager log file
Comment 4 Hedayat Vatankhah 2009-08-13 04:14:49 EDT
Created attachment 357284 [details]
Guest log (/var/lib/libvirt/qemu/$guest.log)
Comment 5 Hedayat Vatankhah 2009-08-13 04:17:40 EDT
(No kvm package)
python-virtinst-0.400.3-8.fc11.noarch
virt-viewer-0.0.3-6.fc11.x86_64
virt-manager-0.7.0-5.fc11.x86_64


uname -a:
Linux localhost.localdomain 2.6.29.6-217.2.3.fc11.x86_64 #1 SMP Wed Jul 29 16:02:42 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
Comment 6 Mark McLoughlin 2009-08-14 14:10:32 EDT
(In reply to comment #2)

> Aug 13 12:33:12 localhost libvirtd: 12:33:12.033: error : SELinuxSetFilecon:
> unable to set security context 'system_u:object_r:svirt_image_t:s0:c124,c423'
> on /media/SW_Preload/AppInstall/Fedora/test.img: Operation not supported.

Okay, that makes a lot of sense - there is no xattr support on NTFS, so we can't re-label images there

dwalsh, danpb: is there anything we can/should do about this?
Comment 7 Alan Pevec 2009-09-16 06:43:28 EDT
Fix for the same issue with NFS:
http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=777fc2e9d60844a7387355d9cef06bd25190d146

is included in libvirt-0.7.1-1 (in rawhide/F12 and virt-preview for F11)

*** This bug has been marked as a duplicate of bug 517157 ***
Comment 8 Mark McLoughlin 2009-09-21 09:13:38 EDT
Re-opening this because I think we may need the equivalent of the virt_use_nfs sebool for ntfs
Comment 9 Alan Pevec 2009-09-21 17:03:02 EDT
(In reply to comment #8)
> Re-opening this because I think we may need the equivalent of the virt_use_nfs
> sebool for ntfs  

Component should be changed to selinux-policy, that's where SELinux booleans are defined.
Workaround is to mount NTFS partition with the mount option context=system_u:object_r:virt_image_t
Comment 10 Mark McLoughlin 2009-10-01 04:05:08 EDT
(In reply to comment #9)
> (In reply to comment #8)
> > Re-opening this because I think we may need the equivalent of the virt_use_nfs
> > sebool for ntfs  
> 
> Component should be changed to selinux-policy, that's where SELinux booleans
> are defined.

Yeah, except AFAIR dwalsh prefers things to remain assigned to the original component and just cc him

Moving to selinux-policy now

(Ah, I see now that he wasn't cc-ed!)
Comment 11 Daniel Walsh 2009-10-01 09:21:49 EDT
What AVC's are you getting?
Comment 12 Hedayat Vatankhah 2009-10-03 10:05:07 EDT
I've included it in comment #2:

Aug 13 12:33:12 localhost libvirtd: 12:33:12.033: error : SELinuxSetFilecon:
unable to set security context 'system_u:object_r:svirt_image_t:s0:c124,c423'
on /media/SW_Preload/AppInstall/Fedora/test.img: Operation not supported.
Aug 13 12:33:12 localhost libvirtd: 12:33:12.034: error : internal error Failed
to set security label
Comment 13 Daniel Walsh 2009-10-05 09:12:45 EDT
This is not an SELinux failure, it is a failure in libvirt to realize nfs does not support labels.
Comment 14 Mark McLoughlin 2009-10-09 06:20:18 EDT
Ah, we never did get that patch into F-11 to handle EOPNOTSUPP

*** This bug has been marked as a duplicate of bug 517157 ***