Bug 577972

Summary: failure to "install to Hard Drive" F13-Beta-x86_64-Live.iso with virt-manager if selinux enabled
Product: [Fedora] Fedora Reporter: John Ellson <john.ellson>
Component: selinux-policy-targetedAssignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA QA Contact: Ben Levenson <benl>
Severity: medium Docs Contact:
Priority: low    
Version: rawhide   
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: selinux-policy-3.7.19-10.fc13 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-04 23:55:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
/var/log/audit/audit.log from Live virtual image just after clicking "Install to Hard Drive" none

Description John Ellson 2010-03-29 21:16:55 UTC 
Description of problem:
Selinux causes silent, hard to identify, failures.

In this case, I was running F13-Beta-x86_64-Live.iso in a virtual machine OK, but it would totally hang up if i tried to "Install to Hard Drive" (/dev/vd0)

Version-Release number of selected component (if applicable):
real machine:
   kernel-2.6.33.1-19.fc13.x86_64
   virt-manager-0.8.3-2.fc13.noarch
virtual machine:
   F13-Beta-x86_64-Live.iso

How reproducible:
100%

Steps to Reproduce:
1. virt-manager
2. run from F13-Beta-x86_64-Live.iso
3. "Install to hard Drive"
  
Actual results:
Virtual machine totally hangs while transferring files to /dev/vd0

Expected results:
Successful install on virtual host

Additional info:
Catching the initial Boot and adding "selinux=0" to the kernel options provided a workaround.
Comment 1 Daniel Walsh 2010-03-30 12:58:38 UTC 
Any avc messages in /var/log/audit/audit.log?
Comment 2 Daniel Walsh 2010-03-30 13:01:57 UTC 
Did you build this iso yourself or download it from somewhere?
Comment 3 John Ellson 2010-03-30 21:26:18 UTC 
The base machine was installed from:
    ftp://download.fedora.redhat.com/pub/fedora/linux/releases/test/13-Alpha/Live/x86_64/F13-Alpha-x86_64-Live.iso
with updates and extra packages.

It seems I can't find F13-Beta-x86_64-Live.iso any more, but I didn't build it myself.

I just now retested with the latest client Live image from:

http://alt.fedoraproject.org/pub/alt/nightly-composes/desktop/desktop-x86_64-20100329.19.iso

and the problem still exists.

No avc messages in /var/log/audit/audit.log on the base system.  I can't tell if there were any on the Live install system as it hung.


/var/log/messages ends with this on the base system  ("t" is my virtual host's name):

Mar 30 17:15:14 ontap libvirtd: 17:15:14.434: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:42 ontap libvirtd: 17:15:42.131: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:44 ontap libvirtd: 17:15:44.919: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:45 ontap libvirtd: 17:15:45.381: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:45 ontap libvirtd: 17:15:45.678: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:45 ontap libvirtd: 17:15:45.789: error : storageVolumeLookupByPath:1238 : invalid storage volume pointer in no storage vol with matching path
Mar 30 17:15:45 ontap libvirtd: 17:15:45.793: error : storageVolumeLookupByPath:1238 : invalid storage volume pointer in no storage vol with matching path
Mar 30 17:15:45 ontap libvirtd: 17:15:45.800: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:48 ontap libvirtd: 17:15:48.884: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:49 ontap libvirtd: 17:15:49.374: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:49 ontap libvirtd: 17:15:49.670: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:49 ontap libvirtd: 17:15:49.773: error : storageVolumeLookupByPath:1238 : invalid storage volume pointer in no storage vol with matching path
Mar 30 17:15:49 ontap libvirtd: 17:15:49.778: error : storageVolumeLookupByPath:1238 : invalid storage volume pointer in no storage vol with matching path
Mar 30 17:15:49 ontap libvirtd: 17:15:49.787: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:49 ontap libvirtd: 17:15:49.891: error : qemudDomainLookupByUUID:3372 : Domain not found: no domain with matching uuid '1b2107ad-9b95-6630-576f-b51d31190294'
Mar 30 17:15:50 ontap libvirtd: 17:15:50.016: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:50 ontap libvirtd: 17:15:50.020: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:50 ontap kernel: device vnet2 entered promiscuous mode
Mar 30 17:15:50 ontap kernel: br0: port 4(vnet2) entering learning state
Mar 30 17:15:51 ontap qemu-kvm: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory
Mar 30 17:15:52 ontap avahi-daemon[1541]: Registering new address record for fe80::640c:daff:fed2:f286 on vnet2.*.
Mar 30 17:16:05 ontap kernel: br0: port 4(vnet2) entering forwarding state
Comment 4 John Ellson 2010-03-30 21:49:16 UTC 
Again with desktop-x86_64-20100329.19.iso, interrupting the boot of the live image and adding "selinux=0" to the kernel option fixes the problem.

I think the /var/log/messages in the previous comment are just normal ones from booting the live image before the virtual disk is formatted.  I saw them with this successful install too.

During retesting with selinux enabled on the live system, I do see an AVC denial popup after clicking "install to Hard Drive", but clicking on "show" just causes the popup to disappear.

I was able to capture the audit.log from the Live image.
Comment 5 John Ellson 2010-03-30 21:51:42 UTC 
Created attachment 403605 [details]
/var/log/audit/audit.log from Live virtual image just after clicking "Install to Hard Drive"
Comment 6 Daniel Walsh 2010-03-31 14:24:55 UTC 
Fixed in selinux-policy-3.7.17-3.fc13.noarch
Comment 7 Fedora Update System 2010-04-05 18:56:56 UTC 
selinux-policy-3.7.17-6.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/selinux-policy-3.7.17-6.fc13
Comment 8 Fedora Update System 2010-04-30 20:07:50 UTC 
selinux-policy-3.7.19-10.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-10.fc13
Comment 9 Fedora Update System 2010-04-30 23:50:22 UTC 
selinux-policy-3.7.19-10.fc13 has been pushed to the Fedora 13 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update selinux-policy'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-10.fc13
Comment 10 Fedora Update System 2010-05-04 23:55:29 UTC 
selinux-policy-3.7.19-10.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.