Bug 506250 - svirt prevents symlinks to be used in disk image paths
svirt prevents symlinks to be used in disk image paths
Product: Fedora
Classification: Fedora
Component: libvirt (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Veillard
Fedora Extras Quality Assurance
Depends On:
Blocks: F11VirtTarget
  Show dependency treegraph
Reported: 2009-06-16 07:49 EDT by Stefan Assmann
Modified: 2009-08-04 11:44 EDT (History)
10 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-08-04 11:44:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Stefan Assmann 2009-06-16 07:49:04 EDT
Description of problem:
When trying to install a new VM, selecting Local install media, and the ISO image to install from has a symbolic link for the file itself or a symbolic link is used somewhere in the path the creation will terminate with the following errors:
Unable to complete install '<class 'libvirt.libvirtError'> internal error unable to start guest: qemu: could not open disk image /home/sassmann/extern/ISOs/Fedora-10-x86_64-DVD.iso

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/create.py", line 1501, in do_install
    dom = guest.start_install(False, meter = meter)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 541, in start_install
    return self._do_install(consolecb, meter, removeOld, wait)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 633, in _do_install
    self.domain = self.conn.createLinux(install_xml, 0)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 974, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error unable to start guest: qemu: could not open disk image /home/sassmann/extern/ISOs/Fedora-10-x86_64-DVD.iso

In this example /home/sassmann/extern is a symbolic link

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. create new VM
2. select to install from ISO stored on the system that is referenced by symbolic link

Actual results:
creation of VM fails

Expected results:
creation of VM succeeds

Additional info:
Comment 1 Mark McLoughlin 2009-06-22 12:08:11 EDT
Any selinux messages ? '
ausearch -ts recent -m AVC'

Looks like svirt, I just did:

  $> mv /var/lib/libvirt/images /var/lib/libvirt/images2
  $> ln -s /var/lib/libvirt/images2 /var/lib/libvirt/images
  $> restorecon /var/lib/libvirt/images

and I see:

type=AVC msg=audit(1245686812.900:209): avc:  denied  { read } for  pid=23109 comm="setroubleshootd" name="images" dev=dm-1 ino=48592 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_image_t:s0 tclass=lnk_file
Comment 2 Daniel Walsh 2009-06-22 18:08:28 EDT
You can add these rules now using

# grep avc /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Fixed in selinux-policy-3.6.12-57.fc11
Comment 3 Daniel Berrange 2009-08-04 11:44:31 EDT
Marking closed as per comment #2

Note You need to log in before you can comment on or make changes to this bug.