Description of problem: Virt test failing - suspect SELinux is preventing virtual guest OS install Version-Release number of selected component (if applicable): hts-5.0-14 How reproducible: Performing via testsuite or via manual setup Steps to Reproduce: 1. attempt to run virt test on a CPU with virtualization support 2. watch it fail Actual results: ...Virtualization test stage 1 is running...Please be patient... Creating Guest OS... Time elapsed: 6904 seconds. ---- Create fv guest Error ! ---- ...finished running ./virt.sh, exit code=1 Expected results: Guest OS should be albe to be setup and tested Additional info: I tried to create a guest OS manually with the following methods: 1. Para-virtualized mode a) disk partition b) file c) "net" mounted ISO image d) DVD 2. Fully-virtualized mode a) disk partition b) file c) "net" mounted ISO image d) DVD In each case, it seems like the Disk or File that it is attempting to use isn't even there. In Fully-virtualized mode, right after the OS creates the file (or actual disk partition), we get an immediate error: Guest Install Error ERROR: virDomainCreateLinux() failed In Para-virtualized mode, the virtual machine manager does come up and anaconda runs, but when you are asked to select which device to install on, there are no options for you to select. i.e. no disks found. I suspect SELinux is blocking the installations from working due to the following errors in the log: Jan 11 16:04:56 mpk12-2381-73-149 setroubleshoot: SELinux is preventing /usr/sbin/load_policy (load_policy_t) "write" to pipe:[23262] (unconfined_t). For complete SELinux messages. run sealert -l 9b85e8f8-9576-4ee2-8595-cc2cad24f046 Jan 11 16:09:07 mpk12-2381-73-149 setroubleshoot: SELinux is preventing /usr/sbin/load_policy (load_policy_t) "write" to pipe:[28671] (unconfined_t). For complete SELinux messages. run sealert -l 17acf19a-6f59-4425-a6df-bf5253e1345b Jan 11 16:33:47 mpk12-2381-73-149 setroubleshoot: SELinux is preventing /usr/sbin/load_policy (load_policy_t) "write" to pipe:[32958] (unconfined_t). For complete SELinux messages. run sealert -l b8a740b0-4e32-496d-a145-6495b2eb76d2 Jan 11 16:34:04 mpk12-2381-73-149 kernel: SELinux: initialized (dev loop0, type iso9660), uses genfs_contexts Jan 11 16:38:00 mpk12-2381-73-149 setroubleshoot: SELinux is preventing /usr/sbin/load_policy (load_policy_t) "write" to pipe:[37952] (unconfined_t). For complete SELinux messages. run sealert -l 978237b7-92f2-4131-bb06-38d841aea46c Jan 15 09:33:27 mpk12-2381-73-149 setroubleshoot: SELinux is preventing xen (python) "search" to tmp (tmp_t). For complete SELinux messages. run sealert -l 22a77b55-952f-40f2-ad83-e268494fbdba Jan 15 09:35:24 mpk12-2381-73-149 kernel: SELinux: initialized (dev sr0, type iso9660), uses genfs_contexts Jan 15 09:35:42 mpk12-2381-73-149 setroubleshoot: SELinux is preventing xen (python) "search" to tmp (tmp_t). For complete SELinux messages. run sealert -l 22a77b55-952f-40f2-ad83-e268494fbdba Jan 15 09:43:35 mpk12-2381-73-149 setroubleshoot: SELinux is preventing xen (/usr/sbin/tapdisk) "search" to tmp (tmp_t). For complete SELinux messages. run sealert -l 22a77b55-952f-40f2-ad83-e268494fbdba Jan 15 09:48:28 mpk12-2381-73-149 setroubleshoot: SELinux is preventing xen (/usr/sbin/tapdisk) "search" to tmp (tmp_t). For complete SELinux messages. run sealert -l 22a77b55-952f-40f2-ad83-e268494fbdba Jan 15 10:23:22 mpk12-2381-73-149 setroubleshoot: SELinux prevented /sbin/ifconfig from reading files stored on a NFS filesytem. For complete SELinux messages. run sealert -l 891b726f-d12a-4faf-a701-71fe4ff9ce20
The guest image must be created in /var/lib/zen/images, otherwise SELinux will prevent their use. Please try manually creating the FV guest using the image files in the above directory. - Thanks!
(In reply to comment #1) > The guest image must be created in /var/lib/zen/images, otherwise SELinux > will prevent their use. > > Please try manually creating the FV guest using the image files in the > above directory. > > - Thanks! Sorry, that's /var/lib/xen/images
Created attachment 145865 [details] failure to create guest os with HTS
SELinux error that occurred during the initial setup portion of the virt test: Jan 16 10:58:05 mpk12-2381-73-149 setroubleshoot: SELinux is preventing /usr/sbin/load_policy (load_policy_t) "write" to pipe:[18595] (unconfined_t). For complete SELinux messages. run sealert -l ef02ed1a-0244-447c-ac4a-2985cd724395
Deferred - the virt test will not be used in this release. FV guest set-up for hardware certification will be done manually.
OK - if the details for setting up the guest as well as how to test it with the HTS could be provided, that would be great. I am still unable to create virtual OS's manually due to the issues above - even when I point the file to /var/lib/xen/images/DOM1 It fails with the following SELinux error: Jan 16 14:03:55 mpk12-2381-73-149 setroubleshoot: SELinux is preventing xen (/usr/bin/python.#prelink# (deleted)) "search" to tmp (tmp_t). For complete SELinux messages. run sealert -l 85b1db32-8eb1-4fc6-a687-8f45bf523b82 From the SELinux troubleshooter, it suggests typing this: chcon -R -t xen_image_t tmp (however tmp doesn't work, you have to use /tmp) Even after I run that command and attempt to create the virtual OS again, it still fails with that same SELinux error. Thanks
What tools are you using to set up the guest manually? Note that the OS Install image (the image you're installing the guest OS with) also needs to be in the xen_image_t context. For example, I've created a directory /var/lib/xen/iso for these files, and then set the context correctly there.