Red Hat Bugzilla – Bug 491245
SELinux prevented qemu-kvm from reading an LVM logical volume
Last modified: 2009-03-25 14:11:22 EDT
+++ This bug was initially created as a clone of Bug #453938 +++
This bit me today on f10... virt-manager does not try to fix the lvm context, and it appears that this AVC is "don't audit"-ed, because I did not get any avcs. I just happened to search for closed bugs. At the very least, when creating a new vm via virt-manager, it should check the context and warn the user if the type isn't right. Right now, all it does is spew a python error and fail very ungracefully.
Description of problem:
> SELinux is preventing qemu-kvm (qemu_t) "getattr" to
virt-manager i386 0.6.0-5.fc10
Steps to Reproduce:
1. create a fresh LVM volume and initialize it with some file system
2. add its device file (in /dev/mapper/...) to a QEMU virtual machine as a storage device (type 'Normal Disk Partition')
3. try to start that virtual machine
SELinux denies access as mentioned above. Virtual machine cannot start.
--- Additional comment from email@example.com on 2008-07-03 11:26:39 EDT ---
In order to get SELinux to work with qemu, you need to make sure this disk is
# semanage fcontext -a -t virt_image_t /dev/mapper/Volumes-OldWindowsBackup
# restorecon /dev/mapper/Volumes-OldWindowsBackup
Should allow you to run in enforcing mode.
Hopefully virt-manager will start doing this automatically.
dwalsh: would something like your patch in #491052 be appropriate here?
No this is a case where libvirt has to take over. A non priv user would not be allowed to set the context on the volume. You would need to be root.
libvirt in rawhide would label the device correctly and this would just work.
Okay, sounds like this is fixed in rawhide - closing as such
*** Bug 474182 has been marked as a duplicate of this bug. ***
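The first comment asks for a check of the volume's context before the guest is started. One way to do that check from the shell, as an added example that is not part of the original thread and is not virt-manager or libvirt code; the function names and the sample contexts are constructed, and `stat -c %C` is GNU stat's format for the SELinux context:

```shell
#!/bin/sh
# Added example: pre-flight check of a guest disk's SELinux label.
EXPECTED_TYPE="virt_image_t"   # the type the thread says qemu needs

# Print the type (3rd field) of user:role:type[:level].
# The MLS level can itself contain colons (s0:c0.c1023), so take field 3,
# not the last field. -s drops strings with no colon at all (e.g. "?").
context_type() {
    printf '%s\n' "$1" | cut -s -d: -f3
}

# check_label CONTEXT PATH
# returns 0 = label is right, 1 = wrong type, 2 = no usable context
check_label() {
    ctx=$1; path=$2
    t=$(context_type "$ctx")
    if [ -z "$t" ]; then
        echo "UNKNOWN  $path: no SELinux context (got '$ctx')"
        return 2
    fi
    if [ "$t" = "$EXPECTED_TYPE" ]; then
        echo "OK       $path: $t"
        return 0
    fi
    echo "MISMATCH $path: type is $t, expected $EXPECTED_TYPE"
    echo "  as root: semanage fcontext -a -t $EXPECTED_TYPE $path"
    echo "           restorecon $path"
    return 1
}

# check_device PATH: read the live label. -L follows a /dev/mapper symlink
# so the label checked is that of the device node that gets opened.
check_device() {
    ctx=$(stat -L -c %C "$1" 2>/dev/null) || ctx=""
    check_label "$ctx" "$1"
}

# Constructed sample contexts, so the script also runs on a non-SELinux host.
for sample in \
    "system_u:object_r:fixed_disk_device_t:s0" \
    "system_u:object_r:virt_image_t:s0:c0.c1023" \
    "?"
do
    check_label "$sample" "/dev/mapper/EXAMPLE-volume"
done

# With a path argument, check the real device instead.
[ $# -eq 0 ] || check_device "$1"
```

Because the denial in this bug was not audited, a check of the label itself like this one is more reliable than waiting for an AVC message to appear.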