Description of problem: I can't create a virtual machine with Virtual Machine Manager on Silverblue 29. The same ISO works in GNOME Boxes. Version-Release number of selected component (if applicable): [znmeb@Silverblue ~]$ virt-manager --version 1.6.0 How reproducible: always Steps to Reproduce: 1. Install Virtual Machine manager 2. Try to create a virtual machine using the Fedora 29 "Everything" netinst ISO file. Actual results: The setup proceeds to the "Install or cancel" box at the end. When you click "Install" you get an error message: Unable to complete install: 'Cannot recv data: Connection reset by peer' Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/create.py", line 2559, in _do_async_install guest.start_install(meter=meter) File "/usr/share/virt-manager/virtinst/guest.py", line 465, in start_install doboot, transient) File "/usr/share/virt-manager/virtinst/guest.py", line 401, in _create_guest domain = self.conn.createXML(install_xml or final_xml, 0) File "/usr/lib64/python3.7/site-packages/libvirt.py", line 3718, in createXML if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self) libvirt.libvirtError: Cannot recv data: Connection reset by peer Expected results: an install dialogue Additional info:
Virtual Machine Manager is working now. I think there may be a missing dependency in the install. The issue went away when I installed GNOME Boxes with rpm-ostree instead of Flatpak.
I just ran a test - uninstall both gnome-boxes and virt-manager, then install virt-manager. virt-manager comes up, but it doesn't even see libvirt! Unable to connect to libvirt qemu:///system. Verify that the 'libvirtd' daemon is running. Libvirt URI is: qemu:///system Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/connection.py", line 1011, in _do_open self._backend.open(self._do_creds_password) File "/usr/share/virt-manager/virtinst/connection.py", line 136, in open open_flags) File "/usr/lib64/python3.7/site-packages/libvirt.py", line 104, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirt.libvirtError: Failed to connect socket to '/var/run/libvirt/libvirt-sock': No such file or directory Why? It's not installing libvirt (or the qemu pieces, it looks like): $ sudo rpm-ostree install virt-manager Checking out tree a1d5676... done Enabled rpm-md repositories: updates updates-testing fedora Updating metadata for 'updates': [=============] 100% rpm-md repo 'updates'; generated: 2018-02-20 19:18:14 Updating metadata for 'updates-testing': [=============] 100% rpm-md repo 'updates-testing'; generated: 2018-09-22 19:56:12 Updating metadata for 'fedora': [=============] 100% rpm-md repo 'fedora'; generated: 2018-09-22 10:13:44 Importing metadata [=============] 100% Resolving dependencies... done Checking out packages (91/91) [=============] 100% Running pre scripts... 3 done Running post scripts... 26 done Writing rpmdb... done Writing OSTree commit... done Freed: 44.4 MB (pkgcache branches: 0) Added: cyrus-sasl-2.1.27-0.3rc7.fc29.x86_64 genisoimage-1.1.11-40.fc29.x86_64 gtk-vnc2-0.9.0-2.fc29.x86_64 gvnc-0.9.0-2.fc29.x86_64 libcacard-3:2.6.1-1.fc29.x86_64 libphodav-2.2-3.fc29.x86_64 libssh2-1.8.0-8.fc29.x86_64 libusal-1.1.11-40.fc29.x86_64 libvirt-glib-1.0.0-7.fc29.x86_64 libvirt-libs-4.7.0-1.fc29.x86_64 libwsman1-2.6.5-8.fc29.x86_64 nmap-ncat-2:7.70-4.fc29.x86_64 numactl-libs-2.0.12-1.fc29.x86_64 python3-libvirt-4.7.0-1.fc29.x86_64 spice-glib-0.35-3.fc29.x86_64 spice-gtk3-0.35-3.fc29.x86_64 usbredir-0.8.0-1.fc29.x86_64 virt-manager-1.6.0-1.3.git3bc7ff24c.fc29.noarch virt-manager-common-1.6.0-1.3.git3bc7ff24c.fc29.noarch Run "systemctl reboot" to start a reboot Now install gnome-boxes (attached) and reboot. I can create virtual machines with virt-manager again.
Created attachment 1486258 [details] log of gnome-boxes install
Do you have any SELinux denials in `/var/log/audit/audit.log`? Also look at `journalctl -b -u libvirtd` and `systemctl status virtlogd`. I think I hit this too and fixed it with `restorecon -Rnv /etc/libvirt` or so; can't remember exactly. Which is clearly a bug but not sure where yet.
https://bugzilla.redhat.com/show_bug.cgi?id=1456059
I see this in the journal for libvirtd Dec 07 09:00:58 camacho.local libvirtd[1031]: 2018-12-07 15:00:58.526+0000: 1050: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, ) Dec 07 09:00:58 camacho.local libvirtd[1031]: 2018-12-07 15:00:58.526+0000: 1050: info : hostname: camacho.local Dec 07 09:00:58 camacho.local libvirtd[1031]: 2018-12-07 15:00:58.526+0000: 1050: error : virNetSocketReadWire:1790 : Cannot recv data: Connection reset by peer Dec 07 09:00:58 camacho.local libvirtd[1031]: 2018-12-07 15:00:58.527+0000: 1050: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused Dec 07 09:03:58 camacho.local libvirtd[1031]: 2018-12-07 15:03:58.103+0000: 1051: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused Dec 07 09:03:58 camacho.local libvirtd[1031]: 2018-12-07 15:03:58.103+0000: 1051: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused Dec 07 09:04:50 camacho.local libvirtd[1031]: 2018-12-07 15:04:50.063+0000: 1052: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused Dec 07 09:04:50 camacho.local libvirtd[1031]: 2018-12-07 15:04:50.063+0000: 1052: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused As usual you're right the coulprite lies here: Dec 07 09:00:58 camacho.local virtlogd[31484]: 2018-12-07 15:00:58.524+0000: 31484: info : hostname: camacho.local Dec 07 09:00:58 camacho.local virtlogd[31484]: 2018-12-07 15:00:58.524+0000: 31484: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/> Dec 07 09:00:58 camacho.local systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE Dec 07 09:00:58 camacho.local systemd[1]: virtlogd.service: Failed with result 'exit-code'. Dec 07 09:00:58 camacho.local systemd[1]: virtlogd.service: Start request repeated too quickly. Dec 07 09:00:58 camacho.local systemd[1]: virtlogd.service: Failed with result 'exit-code'. Dec 07 09:00:58 camacho.local systemd[1]: Failed to start Virtual machine log manager. type=AVC msg=audit(1544196386.380:770): avc: denied { search } for pid=867 comm="virtlogd" name="libvirt" dev="dm-1" ino=2491591 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0
I reproduced this in a VM running Silverblue 29. The culprint seems to be SELinux denials when trying to open `/etc/libvirt/virtlogd.conf`? $ sudo journalctl -b -u libvirtd --no-pager -- Logs begin at Fri 2018-12-07 10:30:44 EST, end at Fri 2018-12-07 11:08:17 EST. -- Dec 07 10:46:09 localhost.localdomain systemd[1]: Starting Virtualization daemon... Dec 07 10:46:10 localhost.localdomain systemd[1]: Started Virtualization daemon. Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: started, version 2.79 cachesize 150 Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN2 DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify Dec 07 10:46:13 localhost.localdomain dnsmasq-dhcp[1112]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h Dec 07 10:46:13 localhost.localdomain dnsmasq-dhcp[1112]: DHCP, sockets bound exclusively to interface virbr0 Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: reading /etc/resolv.conf Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: using nameserver 192.168.124.1#53 Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: read /etc/hosts - 2 addresses Dec 07 10:46:13 localhost.localdomain dnsmasq[1112]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses Dec 07 10:46:13 localhost.localdomain dnsmasq-dhcp[1112]: read /var/lib/libvirt/dnsmasq/default.hostsfile Dec 07 10:49:52 localhost.localdomain systemd[1]: Stopping Virtualization daemon... Dec 07 10:49:52 localhost.localdomain systemd[1]: Stopped Virtualization daemon. Dec 07 10:49:52 localhost.localdomain systemd[1]: libvirtd.service: Found left-over process 1112 (dnsmasq) in control group while starting unit. Ignoring. Dec 07 10:49:52 localhost.localdomain systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. Dec 07 10:49:52 localhost.localdomain systemd[1]: libvirtd.service: Found left-over process 1113 (dnsmasq) in control group while starting unit. Ignoring. Dec 07 10:49:52 localhost.localdomain systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies. Dec 07 10:49:52 localhost.localdomain systemd[1]: Starting Virtualization daemon... Dec 07 10:49:52 localhost.localdomain systemd[1]: Started Virtualization daemon. Dec 07 10:49:52 localhost.localdomain dnsmasq[1112]: read /etc/hosts - 2 addresses Dec 07 10:49:52 localhost.localdomain dnsmasq[1112]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses Dec 07 10:49:52 localhost.localdomain dnsmasq-dhcp[1112]: read /var/lib/libvirt/dnsmasq/default.hostsfile Dec 07 11:01:10 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:10.934+0000: 2742: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, ) Dec 07 11:01:10 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:10.934+0000: 2742: info : hostname: localhost.localdomain Dec 07 11:01:10 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:10.934+0000: 2742: error : virQEMUCapsCacheLookupDefault:5006 : invalid argument: KVM is not supported by '/usr/bin/qemu-kvm' on this host Dec 07 11:01:11 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:11.151+0000: 2738: error : virQEMUCapsCacheLookupDefault:5006 : invalid argument: KVM is not supported by '/usr/bin/qemu-kvm' on this host Dec 07 11:01:40 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:40.171+0000: 2739: error : qemuProcessUpdateGuestCPU:5736 : unsupported configuration: CPU mode 'custom' for x86_64 kvm domain on x86_64 host is not supported by hypervisor Dec 07 11:01:40 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:40.420+0000: 2739: error : virNetSocketReadWire:1790 : Cannot recv data: Connection reset by peer Dec 07 11:01:53 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:53.640+0000: 2741: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused Dec 07 11:01:53 localhost.localdomain libvirtd[2736]: 2018-12-07 16:01:53.640+0000: 2741: error : virNetSocketNewConnectUNIX:711 : Failed to connect socket to '/var/run/libvirt/virtlogd-sock': Connection refused $ sudo journalctl -b -u virtlogd --no-pager -- Logs begin at Fri 2018-12-07 10:30:44 EST, end at Fri 2018-12-07 11:08:32 EST. -- Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager. Dec 07 11:01:40 localhost.localdomain virtlogd[4331]: 2018-12-07 16:01:40.222+0000: 4331: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, ) Dec 07 11:01:40 localhost.localdomain virtlogd[4331]: 2018-12-07 16:01:40.222+0000: 4331: info : hostname: localhost.localdomain Dec 07 11:01:40 localhost.localdomain virtlogd[4331]: 2018-12-07 16:01:40.222+0000: 4331: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'. Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager. Dec 07 11:01:40 localhost.localdomain virtlogd[4332]: 2018-12-07 16:01:40.274+0000: 4332: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, ) Dec 07 11:01:40 localhost.localdomain virtlogd[4332]: 2018-12-07 16:01:40.274+0000: 4332: info : hostname: localhost.localdomain Dec 07 11:01:40 localhost.localdomain virtlogd[4332]: 2018-12-07 16:01:40.274+0000: 4332: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'. Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager. Dec 07 11:01:40 localhost.localdomain virtlogd[4333]: 2018-12-07 16:01:40.343+0000: 4333: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, ) Dec 07 11:01:40 localhost.localdomain virtlogd[4333]: 2018-12-07 16:01:40.343+0000: 4333: info : hostname: localhost.localdomain Dec 07 11:01:40 localhost.localdomain virtlogd[4333]: 2018-12-07 16:01:40.343+0000: 4333: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'. Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager. Dec 07 11:01:40 localhost.localdomain virtlogd[4334]: 2018-12-07 16:01:40.377+0000: 4334: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, ) Dec 07 11:01:40 localhost.localdomain virtlogd[4334]: 2018-12-07 16:01:40.377+0000: 4334: info : hostname: localhost.localdomain Dec 07 11:01:40 localhost.localdomain virtlogd[4334]: 2018-12-07 16:01:40.377+0000: 4334: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'. Dec 07 11:01:40 localhost.localdomain systemd[1]: Started Virtual machine log manager. Dec 07 11:01:40 localhost.localdomain virtlogd[4335]: 2018-12-07 16:01:40.416+0000: 4335: info : libvirt version: 4.7.0, package: 1.fc29 (Fedora Project, 2018-09-04-10:29:06, ) Dec 07 11:01:40 localhost.localdomain virtlogd[4335]: 2018-12-07 16:01:40.416+0000: 4335: info : hostname: localhost.localdomain Dec 07 11:01:40 localhost.localdomain virtlogd[4335]: 2018-12-07 16:01:40.416+0000: 4335: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Main process exited, code=exited, status=1/FAILURE Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'. Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Start request repeated too quickly. Dec 07 11:01:40 localhost.localdomain systemd[1]: virtlogd.service: Failed with result 'exit-code'. Dec 07 11:01:40 localhost.localdomain systemd[1]: Failed to start Virtual machine log manager. $ sudo journalctl -b | grep avc.*denied Dec 07 11:01:40 localhost.localdomain audit[4331]: AVC avc: denied { search } for pid=4331 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 Dec 07 11:01:40 localhost.localdomain audit[4331]: AVC avc: denied { search } for pid=4331 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 Dec 07 11:01:40 localhost.localdomain audit[4332]: AVC avc: denied { search } for pid=4332 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 Dec 07 11:01:40 localhost.localdomain audit[4332]: AVC avc: denied { search } for pid=4332 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 Dec 07 11:01:40 localhost.localdomain audit[4333]: AVC avc: denied { search } for pid=4333 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 Dec 07 11:01:40 localhost.localdomain audit[4333]: AVC avc: denied { search } for pid=4333 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 Dec 07 11:01:40 localhost.localdomain audit[4334]: AVC avc: denied { search } for pid=4334 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 Dec 07 11:01:40 localhost.localdomain audit[4334]: AVC avc: denied { search } for pid=4334 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 Dec 07 11:01:40 localhost.localdomain audit[4335]: AVC avc: denied { search } for pid=4335 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 Dec 07 11:01:40 localhost.localdomain audit[4335]: AVC avc: denied { search } for pid=4335 comm="virtlogd" name="libvirt" dev="dm-0" ino=943377 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 $ sudo ls -lZ /etc/libvirt/virtlogd.conf -rw-r--r--. 1 root root system_u:object_r:virtlogd_etc_t:s0 3247 Dec 7 10:45 /etc/libvirt/virtlogd.conf $ sudo restorecon -Rnv /etc/libvirt Would relabel /etc/libvirt from system_u:object_r:virt_etc_rw_t:s0 to system_u:object_r:virt_etc_t:s0 After running the `restorecon` and restarting libvirtd/virtlogd, I was able to get past the error.
I have the same error on Fedora Silverblue on my laptop: Dec 16 17:32:33 x11SilverBlue.insuasti.ec virtlogd[3529]: 2018-12-16 22:32:33.610+0000: 3529: error : main:1054 : Can't load config file: Failed to open file '/etc/libvirt/virtlogd.conf': Permission denied: /etc/libvirt/virtlogd.conf This confirm that is SELinux denials the access to /etc/libvirt/virtlogd.conf Dec 16 17:32:33 x11SilverBlue.insuasti.ec audit[3529]: AVC avc: denied { search } for pid=3529 comm="virtlogd" name="libvirt" dev="dm-1" ino=950350 scontext=system_u:system_r:virtlogd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_etc_rw_t:s0 tclass=dir permissive=0 my solution for now is $ sudo setenforce 0 $ sudo systemctl restart virtlogd $ sudo systemctl restart libvirtd
Please use: restorecon -Rv /etc/libvirt As a workaround for this for now.
I just hit this myself. What is the actual bug here? Is it a libvirt bug? Is it an ostree bug? How do we get it resolved in the future?
> I just hit this myself. > > What is the actual bug here? Is it a libvirt bug? Is it an ostree bug? How > do we get it resolved in the future? I'd have to redo my troubleshooting, but my recollection is that it worked on Silverblue 28 because `gnome-boxes` was there and pulled in all the required dependencies. I think `virt-manager` works on Silverblue 29 *if* you have `gnome-boxes` installed as well. I think the fix is to figure out which dependencies are missing from the `virt-manager` RPM. But this is all from memory; I don't have a test rig set up at the moment.
The issue for me was the fact that the /etc/libvirt directory had the wrong selinux label. I don't think the issue I was having was a dependency issue unless installing other things caused the directory to get labeled properly.
(In reply to Dusty Mabe from comment #12) > The issue for me was the fact that the /etc/libvirt directory had the wrong > selinux label. I don't think the issue I was having was a dependency issue > unless installing other things caused the directory to get labeled properly. When I ran into it, it was during the beta for Silverblue 29 and I was doing a bunch of testing. I'll try to reproduce it on a fresh Silverblue 29 VM later today and see if my symptom is fixed.
Confirmed this to be an issue past Fedora 27, virt-lib is unable to connect to any remote KVM/libvirt servers over ssh. Fedora 28 - Confirmed Fedora 29 - Confirmed I had to revert my Fedora Workstation for Administrator Tasks back to Fedora 27 to be able to use Virtual Machine Manager. Trying some of the work-arounds has no affect for me. SELinux disabled, no change. $ sudo setenforce 0 $ sudo systemctl restart virtlogd $ sudo systemctl restart libvirtd Done on the host, and the client. restorecon -Rv /etc/libvirt Done on the client, on change.
From the last comments this sounds like an selinux issue, not sure if libvirtd is at fault here
commit 58e99ba8a7f1f588726319a4bb33801aeaa7ad10 Author: Lukas Vrabec <lvrabec> Date: Tue Mar 26 15:08:02 2019 +0100 Allow virtlogd_t domain to create virt_etc_rw_t files in virt_etc_t
Giving virtlogd permission to create files in /etc/ doesn't sound right to me. The AVCs were just for "search" permission. The only files virtlogd should be creating are under /var/log and /var/run, it merely needs read access to /etc/libvirt AFAIR
I think this is probably a bug in libostree's SELinux handling, but it needs some investigation.
selinux-policy-3.14.2-53.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf377d92c7
selinux-policy-3.14.2-53.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-bf377d92c7
selinux-policy-3.14.2-53.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.
Package selinux-policy-3.14.2-54.fc29.noarch is installed now. No change. error: Unable to connect to libvirt qemu+ssh://root.XXX.XXX/system. Cannot recv data: packet_write_wait: Connection to XXX.XXX.XXX.XXX port 22: Broken pipe: Connection reset by peer Verify that the 'libvirtd' daemon is running on the remote host. Libvirt URI is: qemu+ssh://root.XXX.XXX/system Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/connection.py", line 1012, in _do_open self._backend.open(connectauth.creds_dialog, self) File "/usr/share/virt-manager/virtinst/connection.py", line 138, in open open_flags) File "/usr/lib64/python3.7/site-packages/libvirt.py", line 104, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirt.libvirtError: Cannot recv data: packet_write_wait: Connection to XXX.XXX.XXX.XXX port 22: Broken pipe: Connection reset by peer Host is CentOS 7.6. Works perfectly with previous versions of Fedora.