Created attachment 349074 [details] libvirt-0.6.2-unnecessary-setfilecon.patch Description of problem: When installing a new image from an ISO image on an nfs mount, the operation fails and I get this error in /var/log/messages: error : SELinuxSetFilecon: unable to set security context 'system_u:object_r:virt_content_t:s0' on /mnt/nfsmount/Fedora-11-x86_64-DVD/Fedora-11-x86_64-DVD.iso: Operation not supported. However, the /mnt/nfsmount partition was mounted with this option: context="system_u:object_r:virt_content_t:s0" So it is failing to do something it doesn't need to do. Here is a patch to spot this condition and prevent failure. Version-Release number of selected component (if applicable): libvirt-0.6.2-9.fc11 How reproducible: 100% Steps to Reproduce: 1.Mount nfs directory as above. 2.Attempt to install new VM from ISO image. Actual results: Fails. Expected results: Succeeds. Additional info: Patch which works for me attached, which compares the existing SELinux file context to the one we want it to be if we failed to set it.
Makes sense to me, I forwarded the patch to the list for review, thanks ! Daniel
Re-posted here: http://www.redhat.com/archives/libvir-list/2009-July/msg00049.html
Added to rawhide: * Fri Jul 3 2009 Mark McLoughlin <markmc> - 0.6.4-3.fc12 - Don't unnecessarily try to change a file context (bug #507555) Will build for F-11 too
F-11: * Fri Jul 3 2009 Mark McLoughlin <markmc> - 0.6.2-13.fc11 - Don't unnecessarily try to change a file context (bug #507555)
Created attachment 350421 [details] qemu log libvirt-0.6.2-13.fc11.x86_64 does not solve the problem for me, log attached. I just updated the libvirt package and restarted libvirtd service. Originally reported here: https://bugzilla.redhat.com/show_bug.cgi?id=499933#c4
(In reply to comment #5) # file /mnt/globalsync/rhel/released/RHEL-5-Server/U3/x86_64/iso/RHEL5.3-Server-20090106.0-x86_64-DVD.iso /mnt/globalsync/rhel/released/RHEL-5-Server/U3/x86_64/iso/RHEL5.3-Server-20090106.0-x86_64-DVD.iso: ISO 9660 CD-ROM filesystem data 'RHEL/5.3 x86_64 DVD ' (bootable) # ls -Z /mnt/globalsync/rhel/released/RHEL-5-Server/U3/x86_64/iso/RHEL5.3-Server-20090106.0-x86_64-DVD.iso -rw-rw-r--. 444 444 system_u:object_r:nfs_t:s0 /mnt/globalsync/rhel/released/RHEL-5-Server/U3/x86_64/iso/RHEL5.3-Server-20090106.0-x86_64-DVD.iso
libvirt-0.6.2-13.fc11 has been pushed to the Fedora 11 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update libvirt'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-7449
(In reply to comment #6) > -rw-rw-r--. 444 444 system_u:object_r:nfs_t:s0 It didn't work because it has to be mounted with -o context="system_u:object_r:virt_content_t:s0". Then the update resolves the problem.
libvirt-0.6.2-13.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.