Description of problem: SELinux is preventing from 'open' accesses on the file /etc/libvirt/virtlogd.conf Version-Release number of selected component (if applicable): RHVH 4.1 How reproducible: Fresh install of RHVH 4.0 configure Red Hat Enterprise Virtualization Manager 4.0, add storage domains, networks, hosts (running a fresh install of RHVH 4.0) and all work fine: HA, guest machines works good, etc. The next step was upgrade RHVH to version 4.1. After this upgrade and reboot all physical hosts, the guest was unable to boot. Steps to Reproduce: 1. Fresh install of RHVH 4.0 2. Upgrade RHVH to version 4.1 3. Guest machines unable to start Actual results: Non-operational Data Center Expected results: Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused. Additional info: Trying to found one solution, we read https://access.redhat.com/solutions/1443193 The reason for this problem is that the virtlog service is unable to start. Please see my notes: the problem: VM debian-demo is down with error. Exit message: Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused. # rpm -q libvirt-daemon libvirt-daemon-2.0.0-10.el7_3.5.x86_64 (libvirt was upgraded !!! and now the guest logs are driven by virtlogd as external service !!!) # systemctl start libvirtd.service # systemctl enable libvirtd # systemctl status virtlogd -l ● virtlogd.service - Virtual machine log manager Loaded: loaded (/usr/lib/systemd/system/virtlogd.service; indirect; vendor preset: disabled) Active: failed (Result: start-limit) since mar 2017-04-18 09:21:44 -04; 16min ago Docs: man:virtlogd(8) http://libvirt.org Process: 11217 ExecStart=/usr/sbin/virtlogd $VIRTLOGD_ARGS (code=exited, status=1/FAILURE) Main PID: 11217 (code=exited, status=1/FAILURE) abr 18 09:21:44 SERVER systemd[1]: Starting Virtual machine log manager... abr 18 09:21:44 SERVER virtlogd[11217]: 2017-04-18 13:21:44.710+0000: 11217: info : libvirt version: 2.0.0, package: 10.el7_3.5 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2017-02-10-03:02:29, x86-020.build.eng.bos.redhat.com) abr 18 09:21:44 SERVER virtlogd[11217]: 2017-04-18 13:21:44.710+0000: 11217: info : hostname: SERVER abr 18 09:21:44 SERVER virtlogd[11217]: 2017-04-18 13:21:44.710+0000: 11217: error : main:1033 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf abr 18 09:21:44 SERVER systemd[1]: virtlogd.service: main process exited, code=exited, status=1/FAILURE abr 18 09:21:44 SERVER systemd[1]: Unit virtlogd.service entered failed state. abr 18 09:21:44 SERVER systemd[1]: virtlogd.service failed. abr 18 09:21:44 SERVER systemd[1]: start request repeated too quickly for virtlogd.service abr 18 09:21:44 SERVER systemd[1]: Failed to start Virtual machine log manager. abr 18 09:21:44 SERVER systemd[1]: virtlogd.service failed. # ls -la /etc/libvirt/virtlogd.conf -rw-r--r--. 1 root root 1997 feb 10 04:04 virtlogd.conf uhm... all file perms are ok... may be selinux enforcing? if I run /usr/sbin/virtlogd -d , restart libvirt, all it's ok... given a try to selinux workaround.... # vi /etc/selinux/targeted/contexts/files/file_contexts ... /etc/libvirt/[^/]* -- system_u:object_r:virt_etc_t:s0 /etc/libvirt/[^/]* -d system_u:object_r:virt_etc_rw_t:s0 ... trying: # semanage permissive -a virtlogd_t reboot the host and now libvirtd and virtlogd start normally, the Data Center is operational again :( correct solution? may be... :)
What version of selinux-policy-targeted do you have? There were selinux fixes there to allow virtlogd_t .
(In reply to Hermes Rodríguez from comment #0) > Version-Release number of selected component (if applicable): > RHVH 4.1 Can you please detail version of the build? In particular, rpm -qv imgbased
This was fixed in imgbased-0.9.23-0.1.el7ev that ships with 4.1-20170417.0 (bug 1434816). What release of RHVH are you using ?
*** This bug has been marked as a duplicate of bug 1434816 ***