Description of problem: When trying to install a new VM, selecting Local install media, and the ISO image to install from has a symbolic link for the file itself or a symbolic link is used somewhere in the path the creation will terminate with the following errors: Unable to complete install '<class 'libvirt.libvirtError'> internal error unable to start guest: qemu: could not open disk image /home/sassmann/extern/ISOs/Fedora-10-x86_64-DVD.iso Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/create.py", line 1501, in do_install dom = guest.start_install(False, meter = meter) File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 541, in start_install return self._do_install(consolecb, meter, removeOld, wait) File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 633, in _do_install self.domain = self.conn.createLinux(install_xml, 0) File "/usr/lib64/python2.6/site-packages/libvirt.py", line 974, in createLinux if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self) libvirtError: internal error unable to start guest: qemu: could not open disk image /home/sassmann/extern/ISOs/Fedora-10-x86_64-DVD.iso In this example /home/sassmann/extern is a symbolic link Version-Release number of selected component (if applicable): virt-manager-0.7.0-5.fc11.x86_64 How reproducible: always Steps to Reproduce: 1. create new VM 2. select to install from ISO stored on the system that is referenced by symbolic link Actual results: creation of VM fails Expected results: creation of VM succeeds Additional info:
Any selinux messages ? ' ausearch -ts recent -m AVC' Looks like svirt, I just did: $> mv /var/lib/libvirt/images /var/lib/libvirt/images2 $> ln -s /var/lib/libvirt/images2 /var/lib/libvirt/images $> restorecon /var/lib/libvirt/images and I see: type=AVC msg=audit(1245686812.900:209): avc: denied { read } for pid=23109 comm="setroubleshootd" name="images" dev=dm-1 ino=48592 scontext=system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_image_t:s0 tclass=lnk_file
You can add these rules now using # grep avc /var/log/audit/audit.log | audit2allow -M mypol # semodule -i mypol.pp Fixed in selinux-policy-3.6.12-57.fc11
Marking closed as per comment #2