Bug 1211272 - libvirt cannot create guests: Failed to bind socket: Permission denied
Summary: libvirt cannot create guests: Failed to bind socket: Permission denied
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: libvirt
Version: 7.1
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Libvirt Maintainers
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: TRACKER-bugs-affecting-libguestfs
TreeView+ depends on / blocked
 
Reported: 2015-04-13 13:30 UTC by Richard W.M. Jones
Modified: 2015-04-13 13:35 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-04-13 13:35:31 UTC
Target Upstream Version:


Attachments (Terms of Use)
Full log from libguestfs-test-tool (7.21 KB, text/plain)
2015-04-13 13:30 UTC, Richard W.M. Jones
no flags Details

Description Richard W.M. Jones 2015-04-13 13:30:33 UTC
Created attachment 1013965 [details]
Full log from libguestfs-test-tool

Description of problem:

Run libguestfs-test-tool in RHEL 7.1:

[...]

libguestfs: [00233ms] launch libvirt guest
libguestfs: error: could not create appliance through libvirt.

Try running qemu directly without libvirt using this environment variable:
export LIBGUESTFS_BACKEND=direct

Original error from libvirt: internal error: process exited while connecting to monitor: 2015-04-13T13:26:26.646024Z qemu-kvm: -chardev socket,id=charmonitor,path=/home/rjones/.config/libvirt/qemu/lib/guestfs-x1ifcqgcqf6qh3q2.monitor,server,nowait: Failed to bind socket: Permission denied
2015-04-13T13:26:26.646144Z qemu-kvm: -chardev socket,id=charmonitor,path=/home/rjones/.config/libvirt/qemu/lib/guestfs-x1ifcqgcqf6qh3q2.monitor,server,nowait: chardev: opening backend "socket" failed
 [code=1 domain=10]
libguestfs-test-tool: failed to launch appliance

The full output is attached.

Version-Release number of selected component (if applicable):

libvirt-client-1.2.8-16.el7.x86_64
libvirt-daemon-1.2.8-16.el7.x86_64
libvirt-daemon-driver-interface-1.2.8-16.el7.x86_64
libvirt-daemon-driver-network-1.2.8-16.el7.x86_64
libvirt-daemon-driver-nodedev-1.2.8-16.el7.x86_64
libvirt-daemon-driver-nwfilter-1.2.8-16.el7.x86_64
libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64
libvirt-daemon-driver-secret-1.2.8-16.el7.x86_64
libvirt-daemon-driver-storage-1.2.8-16.el7.x86_64
libvirt-daemon-kvm-1.2.8-16.el7.x86_64
libvirt-devel-1.2.8-16.el7.x86_64
libvirt-docs-1.2.8-16.el7.x86_64
ipxe-roms-qemu-20130517-6.gitc4bce43.el7.noarch
libvirt-daemon-driver-qemu-1.2.8-16.el7.x86_64
qemu-img-1.5.3-86.el7.x86_64
qemu-kvm-1.5.3-86.el7.x86_64
qemu-kvm-common-1.5.3-86.el7.x86_64

How reproducible:

100%

Steps to Reproduce:
1. Install RHEL 7.1.
2. Run libguestfs-test-tool, virt-builder, etc.

Comment 1 Richard W.M. Jones 2015-04-13 13:35:31 UTC
It turns out this is caused by NFS.  The fix is:

# setsebool -P virt_use_nfs on

---

time->Mon Apr 13 09:32:34 2015
type=SYSCALL msg=audit(1428931954.098:1544): arch=c000003e syscall=49 success=no exit=-13 a0=7 a1=7ffff02d5930 a2=6e a3=46 items=0 ppid=1 pid=24979 auid=1000 uid=1000 gid=1000 euid=1000 suid=1000 fsuid=1000 egid=1000 sgid=1000 fsgid=1000 tty=(none) ses=45 comm="qemu-kvm" exe="/usr/libexec/qemu-kvm" subj=unconfined_u:unconfined_r:svirt_t:s0:c608,c754 key=(null)
type=AVC msg=audit(1428931954.098:1544): avc:  denied  { write } for  pid=24979 comm="qemu-kvm" name="lib" dev="0:36" ino=4195019 scontext=unconfined_u:unconfined_r:svirt_t:s0:c608,c754 tcontext=system_u:object_r:nfs_t:s0 tclass=dir


Note You need to log in before you can comment on or make changes to this bug.