Red Hat Bugzilla – Bug 490209
Unable to install VM: preventing libvirtd (virtd_t) "ioctl" kvm_device_t.
Last modified: 2009-03-18 09:05:20 EDT
I wanted to test the installation of a VM from CD. I used the Ubuntu 8.10 CD and set everything up using VMM's wizard.
I needed to manually "connect" the CD, but even after that the VM does not boot.
What virt-manager version are you using?
So you attached the CDROM to an existing guest? You then also need to change the VM boot device to launch off the cdrom under the Details->Boot Options.
(In reply to comment #1)
> What virt-manager version are you using?
The latest in rawhide (0.7-something)
> So you attached the CDROM to an existing guest? You then also need to change
> the VM boot device to launch off the cdrom under the Details->Boot Options.
I configured a new guest to be installed from CD. I connected the CD and also changed the boot option. The default config seems to be a VNC display but I also tried changing it to SDL.
Hmm, and none of that worked? Interesting.
Can you provide:
virsh dumpxml vmname (as root)
Created attachment 335164 [details]
Here's a .zip collecting all the logs.
try1: normal VM setup with disk prealocation ON => crash
try2: same, but with disk prealocation OFF => wizard finishes, connect cd, change boot, run. The text on the VM "screen" flashes to something else (like "Console not ready") for a second or two and then returns to the old look. Nothing happens.
Hmm, strange. I can't really tell what's going wrong from the logs.
After the screen flashes from 'Console not ready', is the VM still running? Details->Overview should show as much.
If so, can you try 'sudo virt-viewer --connect qemu:///system VMNAME' from the command line, and see if that actually connects?
The weird thing is, disk preallocation actually isn't hooked up at the moment due to performance reasons, so whether it's selected or not shouldn't make a difference.
Are you getting any selinux warning messages through all this?
(In reply to comment #5)
> Hmm, strange. I can't really tell what's going wrong from the logs.
> After the screen flashes from 'Console not ready',
It actually says "Console is not yet active for guest.", then changes back to "Guest not running"
> is the VM still running?
> Details->Overview should show as much.
Status is "Shut off"
> The weird thing is, disk preallocation actually isn't hooked up at the moment
> due to performance reasons, so whether it's selected or not shouldn't make a
I think this is a different problem. The same problem also occurs if I don't select a harddrive at all (the VM sould be able to boot into the live CD without a hdd I think?)
> Are you getting any selinux warning messages through all this?
(In reply to comment #6)
> > Are you getting any selinux warning messages through all this?
> No, nothing.
I re-installed my test system and now I see a SELinux warning for virtd.
Created attachment 335251 [details]
Here's the alert message.
Also, virtd shows this while starting up, which is maybe related?
libnuma: Warning: /sys not mounted or no numa system. Assuming one node
After reinstalling your system, does the VM still fail to install? Does turning off selinux with 'setenforce 0' make any difference?
(In reply to comment #10)
> After reinstalling your system, does the VM still fail to install?
> Does turning off selinux with 'setenforce 0' make any difference?
Yes, seems to work fine then.
I have two more SElinux warnings. I'll attach those here, I think we can re-assign the bug to selinux-policy or something like that.
Created attachment 335422 [details]
Created attachment 335423 [details]
Okay, reassigning to selinux-policy. Please see comment #12 and comment #13 for more info.
I'm wondering if this is due to fact that libvirt in rawhide does not yet have this patch included for sVirt
Well none of these avc error messages are actually blocking any action. Currently libvirt is running in permissive mode rather then unconfined. but both should be able to do everything as if SELinux was disabled.
Permissive allows us to collect avc messages during the beta and rawhide, without blocking any activity.
Michael do you see any pulseaudio failures in /var/log/audit/audit.log?
I would figure the pulseaudio is the problem. If you remove the sound card from your image, does it work in enforcing mode?
BTW the reported AVC's will be fixed in
Looks like I'm getting different results all the time...
Well, I upgraded to the lastest selinux* packages from koji and tried again. If the machine has no sound card added, it now works flawlessly (also selinux doesn't seem to mind anymore...).
I then re-added a sound card to the VM. In this case, I now get this:
Error starting domain: internal error unable to start guest: char device redirected to /dev/pts/0
Failed to create secure directory: Permission denied
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/engine.py", line 493, in run_domain
File "/usr/share/virt-manager/virtManager/domain.py", line 558, in startup
File "/usr/lib/python2.6/site-packages/libvirt.py", line 287, in create
if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error unable to start guest: char device redirected to /dev/pts/0
Failed to create secure directory: Permission denied
That problem is solved by latest libvirt RPMs, libvirt-0.6.1-5.fc11.
NB, by 'solved', I mean that libvirt will never enable any soundcards for guests run with 'qemu:///system', when the SELinux security driver is active.
Well I am closing this bug, since SELinux policy will handle the case where libvirt is not using a soundcard and the latest libvirt does not use pulseaudio when selinux is enforcing. I think we still need to work with the pulseaudio people to get a common solution so virtual images can provide sound in a svirt environment.