Description of problem: I'm trying to start a VM which had been working fine. Sep 02 10:49:28 fmac.local libvirtd[1939]: internal error: child reported (status=125): Requested operation is not valid: Setting different SELinux label on /var/lib/libvirt/images/untitled.qcow2 which is already in use -rw-r--r--. 1 qemu qemu system_u:object_r:svirt_image_t:s0:c443,c550 198656 Aug 31 19:57 untitled.qcow2 Restorecon won't fix it. Resetting it with chcon to system_u:object_r:virt_image_t:s0 didn't work. And there are no AVC denials. But the last thing I did before this started happening was a complete relabel and reboot. Delete that file and create it from scratch instead. And now I get. Sep 02 10:50:51 fmac.local libvirtd[1939]: internal error: child reported (status=125): Requested operation is not valid: Setting different SELinux label on /var/lib/libvirt/qemu/nvram/uefivm_VARS.fd which is already in use -rw-------. 1 qemu qemu system_u:object_r:svirt_image_t:s0:c443,c550 131072 Aug 31 20:46 /var/lib/libvirt/qemu/nvram/uefivm_VARS.fd This system has been rebooted, and libvirtd has been restarted, and it still complains. It's not in use, except possibly by itself. Version-Release number of selected component (if applicable): libvirt-daemon-5.6.0-1.fc31.x86_64 selinux-policy-3.14.4-31.fc31.noarch How reproducible: Always so far
Created attachment 1610840 [details] journal
Rebooting with 'enforcing=0' does not fix the problem.
Rebooting with 'selinux=0' fixes this problem. Rebooting with selinux enabled and enforcing, it relabels, but now I can't launch the VM again. There is a report on the users@ list, happening on Fedora 29. https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org/message/DXGONPQYZ325IT5XJLQMBCQOD2FKUGQD/
This is a libvirt issue. In v5.6.0 we enabled a new feature that tries to remember the source selinux label of the image. However there were some bugs that should be fixed in v5.7.0 which is coming shortly. In the meantime you can disable the feature entirely by setting remember_owner=0 in /etc/libvirt/qemu.conf and restarting libvirtd. That users@ email looks like the same issue, but this doesn't affect stock Fedora versions, so I'm guessing he is using the virt-preview copr repo
I'm seeing this too (libvirt-daemon-5.6.0-1.fc31.x86_64). I'll try the work-around.
FEDORA-2019-f415c367b9 has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2019-f415c367b9
libvirt-5.6.0-2.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-f415c367b9
Bodhi says it's been pushed to testing, but it's not showing up in u-t even after a refresh.
libvirt-5.6.0-2.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.