+++ This bug was initially created as a clone of Bug #582030 +++
Description of problem:
I'm testing out live migration of KVM guests as per the rhel6 Test Day. I have two identical Intel x86_64 machines, both running the Fedora Test Day image. When trying to live migrate an rhel5.5 i386 guest between them with SELinux in enforcing mode, I'm getting:
# virsh migrate m2 qemu+ssh://10.66.65.144/system --live
error: unable to set user and group to '0:0' on '/var/lib/libvirt/migrate/RHEL-Server-5.5-32-virtio.qcow2.1': Permission denied
/var/log/audit/audit.log says:
type=AVC msg=audit(1275648230.530:144): avc: denied { read } for pid=8295 comm="nfsd" name="RHEL-Server-5.5-32-virtio.qcow2.1" dev=sda3 ino=786440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c849,c987 tclass=file
type=AVC msg=audit(1275648230.530:145): avc: denied { read } for pid=8295 comm="nfsd" name="RHEL-Server-5.5-32-virtio.qcow2.1" dev=sda3 ino=786440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c849,c987 tclass=file
type=AVC msg=audit(1275648230.533:146): avc: denied { setattr } for pid=8295 comm="nfsd" name="RHEL-Server-5.5-32-virtio.qcow2.1" dev=sda3 ino=786440 scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:svirt_image_t:s0:c849,c987 tclass=file
If I set SELinux to permissive mode, then the live migration succeeds.
--- Additional comment from clalance on 2010-04-13 17:30:08 EDT ---
Oh, I should also mention that my disk image is shared from this machine via nfs with /etc/exports that looks like:
/var/lib/libvirt/images *(rw,no_root_squash)
Also, the versions of my packages are:
kernel-2.6.33.1-19.fc13.x86_64
libvirt-0.7.7-1.fc13.x86_64
qemu-kvm-0.12.3-6.fc13.x86_64
--- Additional comment from clalance on 2010-04-13 17:53:22 EDT ---
I should also clarify my statement about setting SELinux to permissive mode. If I set SELinux to permissive mode on the *source* of the migration, then I get a little bit further, but then I run into another issue:
[root@localhost ~]# virsh migrate --live f13x86_64 qemu+ssh://locutus.usersys.redhat.com/system
error: internal error Process exited while reading console log output: char device redirected to /dev/pts/2
qemu: could not open disk image /var/lib/libvirt/images/f13x86_64.dsk: Permission denied
If I then set SELinux to permissive on the destination, things succeed.
Comment 2RHEL Program Management
2010-06-04 16:13:25 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release. Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release. This request is not yet committed for
inclusion.
Comment 9releng-rhel@redhat.com
2010-11-10 21:34:30 UTC
Red Hat Enterprise Linux 6.0 is now available and should resolve
the problem described in this bug report. This report is therefore being closed
with a resolution of CURRENTRELEASE. You may reopen this bug report if the
solution does not work for you.