Not sure what's changed here, but with libvirt-0.7.0 snapshot from rawhide, I'm seeing this: error: Failed to start domain rawhide-2009-05-12 error: internal error unable to start guest: libvir: Security Labeling error : SELinuxSetFilecon: unable to set security context 'system_u:object_r:svirt_image_t:s0:c189,c564' on /var/lib/libvirt/images /rawhide.img: No such file or directory. libvir: QEMU error : internal error Failed to set security label type=SYSCALL msg=audit(1249407382.238:173): arch=c000003e syscall=188 success=no exit=-13 a0=cdbfa0 a1=7f9274a01b19 a2=7f92540cd8f0 a3=2d items=0 ppid=1689 pid=16179 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="libvirtd" exe="/usr /sbin/libvirtd" subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1249407382.238:173): avc: denied { associate } for pid=16179 comm="libvirtd" name="rawhide.img" dev=dm-0 ino=3466671 scontext=system_u:object_r:svirt_image_t:s0:c189,c564 tcontext=system_u:object_r:fs_t:s0 tclass=filesystem Similar error when trying to kick off a new install with virt-install
Here's what I'm seeing in strace: setxattr("/var/lib/libvirt/images/rawhide.img", "security.selinux", "system_u:object_r:svirt_image_t:s0:c563,c596", 45, 0) = -1 EACCES (Permission denied) getxattr("/var/lib/libvirt/images/rawhide.img", "security.selinux", "system_u:object_r:virt_image_t:s0", 255) = 34 socket(PF_FILE, 0x80001 /* SOCK_??? */, 0) = 3 connect(3, {sa_family=AF_FILE, path="/var/run/setrans/.setrans-unix"...}, 110) = -1 ENOENT (No such file or directory) i.e. setxattr() is returning EACCES, the ENOENT comes later
What kind of fs is /var/lib/libvirt/images?
It's just my ext3 root fs on an LVM volume danpb and I discussed this briefly earlier and we can't see what changed in libvirt to cause this; could it be a policy regression?
Fixed in selinux-policy-3.6.26-6.fc12 Lost an attribute do to update to upstream.
thanks, that fixed it