Created attachment 1803573 [details] rhel8.5-v2v-openstack-enable-selinux-without-vddk.log Description of problem libvirt doesn't relabel sockets in nbd: backing URLs on rhel8 Version-Release number of selected component (if applicable): virt-v2v-1.42.0-14.module+el8.5.0+11846+77888a74.x86_64 libguestfs-1.44.0-3.module+el8.5.0+10681+17a9b157.x86_64 libvirt-libs-7.5.0-1.module+el8.5.0+11664+59f87560.x86_64 qemu-kvm-6.0.0-24.module+el8.5.0+11844+1e3017bd.x86_64 nbdkit-1.24.0-1.module+el8.4.0+9341+96cf2672.x86_64 How reproducible: 100% Steps to Reproduce: 1. Prepare a rhel8.5 instance which has installed virt-v2v on OSP16.2 environment, we called the instance as 'v2v conversion appliance', enable selinux on 'v2v conversion appliance' # getenforce Enforcing 2. Convert a guest from vmware to openstack by virt-v2v with vddk # virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA -o openstack -oo server-id=v2v-appliance-rhel8_5 esx7.0-rhel8.4-x86_64 -ip /home/passwd [ 1.7] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx7.0-rhel8.4-x86_64 -it vddk -io vddk-libdir=/home/vmware-vix-disklib-distrib -io vddk-thumbprint=1F:97:34:5F:B6:C2:BA:66:46:CB:1A:71:76:7D:6B:50:1E:03:00:EA [ 3.5] Creating an overlay to protect the source from being modified [ 4.4] Opening the overlay virt-v2v: error: libguestfs error: could not create appliance through libvirt. Try running qemu directly without libvirt using this environment variable: export LIBGUESTFS_BACKEND=direct Original error from libvirt: can't connect to virtlogd: Unable to open system token /run/libvirt/common/system.token: Permission denied [code=38 int1=13] If reporting bugs, run virt-v2v with debugging enabled and include the complete output: virt-v2v -v -x [...] 3.Convert a guest from vmware to openstack by virt-v2v without vddk # virt-v2v -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 -o openstack -oo server-id=v2v-appliance-rhel8_5 -oo guest-id=12345678-1234-1234-1234-123456789123 esx7.0-rhel8.4-x86_64 -ip /home/passwd [ 1.6] Opening the source -i libvirt -ic vpx://root.73.141/data/10.73.75.219/?no_verify=1 esx7.0-rhel8.4-x86_64 [ 4.6] Creating an overlay to protect the source from being modified [ 5.1] Opening the overlay virt-v2v: error: libguestfs error: could not create appliance through libvirt. Try running qemu directly without libvirt using this environment variable: export LIBGUESTFS_BACKEND=direct Original error from libvirt: can't connect to virtlogd: Unable to open system token /run/libvirt/common/system.token: Permission denied [code=38 int1=13] If reporting bugs, run virt-v2v with debugging enabled and include the complete output: virt-v2v -v -x [...] Actual results: As above description Expected results: Not set environment variable "export LIBGUESTFS_BACKEND=direct" during virt-v2v openstack conversion if selinux is enabled Additional info: The bug has been fixed in bug1698437 for rhel7
Isn't this: https://bugzilla.redhat.com/show_bug.cgi?id=1966842 ? I can't find the RHEL AV equivalent of that bug at the moment ...
Actually that's a bug in selinux-policy so RHEL 8 / AV is not relevant. Can you try to see if this is fixed by upgrading to >= selinux-policy-3.14.3-71.el8
I also think it's the same issue with bug 1966842. mxie, you can have a try to restart libvirtd and virtlogd services.
(In reply to YongkuiGuo from comment #3) > I also think it's the same issue with bug 1966842. mxie, you can have a try > to restart libvirtd and virtlogd services. Yes, I will close the bug *** This bug has been marked as a duplicate of bug 1966842 ***