Description of problem: I can create a (raw or qcow2) disk image on an NTFS partition, but when I tell virt-manager to use such a disk image, it generates the following exception when it is creating domain (I'm trying to create a KVM virtual machine): Unable to complete install '<class 'libvirt.libvirtError'> internal error Domain Windows7 didn't show up Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/create.py", line 1501, in do_install dom = guest.start_install(False, meter = meter) File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 541, in start_install return self._do_install(consolecb, meter, removeOld, wait) File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 633, in _do_install self.domain = self.conn.createLinux(install_xml, 0) File "/usr/lib64/python2.6/site-packages/libvirt.py", line 974, in createLinux if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self) libvirtError: internal error Domain Windows7 didn't show up ' If I use a disk image under ext4 with all other things the same; virt-manager doesn't have any problem and the virtual system boots fine. Version-Release number of selected component (if applicable): virt-manager-0.7.0-5.fc11.x86_64 How reproducible: 100% Steps to Reproduce: 1. Start creating a new virtual machine (I want to create a Windows virtual machine) 2. Select a Windows installation iso (I used a beta Windows 7 iso) 3. In the hard disk configuration section, use custom settings and create a disk image file under a NTFS partition. (The directory should be added to the list of available file system pools before step 1 using Host Details configuration panel). (I didn't use full pre-allocation). 3. Go ahead and finally press Finish button Actual results: virt-manager will show the mentioned exception while creating the machine. Expected results: The new machine should be created and boot fine
Could you include ~/.virt-manager/virt-manager.log, /var/log/libvirt/qemu/$guest.log and any SELinux errors you're seeing? See also: http://fedoraproject.org/wiki/Reporting_virtualization_bugs
OK, Notice: If I set selinux to permissive mode, I can create the virtual machine and setroubleshoot shows me some alerts. But when SELinux is in Enforcing mode, the mentioned error occures without any alerts by SETroubleShoot application. This is the contents of /var/log/messages after pressing Finish button: (which includes an SELinux related error) Aug 13 12:33:11 localhost libvirtd: 12:33:11.213: error : Domain not found Aug 13 12:33:11 localhost libvirtd: 12:33:11.227: error : Domain not found Aug 13 12:33:11 localhost libvirtd: 12:33:11.628: error : Domain not found Aug 13 12:33:11 localhost libvirtd: 12:33:11.637: error : Domain not found Aug 13 12:33:12 localhost kernel: device vnet0 entered promiscuous mode Aug 13 12:33:12 localhost kernel: virbr0: topology change detected, propagating Aug 13 12:33:12 localhost kernel: virbr0: port 1(vnet0) entering forwarding state Aug 13 12:33:12 localhost libvirtd: 12:33:12.033: error : SELinuxSetFilecon: unable to set security context 'system_u:object_r:svirt_image_t:s0:c124,c423' on /media/SW_Preload/AppInstall/Fedora/test.img: Operation not supported. Aug 13 12:33:12 localhost libvirtd: 12:33:12.034: error : internal error Failed to set security label Aug 13 12:33:12 localhost NetworkManager: nm_device_ethernet_new: assertion `driver != NULL' failed Aug 13 12:33:13 localhost avahi-daemon[1440]: Registering new address record for fe80::7c2e:c6ff:fead:2ae4 on vnet0.*. Aug 13 12:33:16 localhost nm-system-settings: Added default wired connection 'Auto vnet0' for /org/freedesktop/Hal/devices/net_7e_2e_c6_ad_2a_e4 Aug 13 12:33:22 localhost libvirtd: 12:33:22.054: error : internal error Domain Test didn't show up#012 Aug 13 12:33:22 localhost avahi-daemon[1440]: Withdrawing address record for fe80::7c2e:c6ff:fead:2ae4 on vnet0. Aug 13 12:33:22 localhost kernel: virbr0: port 1(vnet0) entering disabled state Aug 13 12:33:22 localhost kernel: device vnet0 left promiscuous mode Aug 13 12:33:22 localhost kernel: virbr0: port 1(vnet0) entering disabled state
Created attachment 357283 [details] VirtManager log file
Created attachment 357284 [details] Guest log (/var/lib/libvirt/qemu/$guest.log)
(No kvm package) python-virtinst-0.400.3-8.fc11.noarch virt-viewer-0.0.3-6.fc11.x86_64 virt-manager-0.7.0-5.fc11.x86_64 uname -a: Linux localhost.localdomain 2.6.29.6-217.2.3.fc11.x86_64 #1 SMP Wed Jul 29 16:02:42 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
(In reply to comment #2) > Aug 13 12:33:12 localhost libvirtd: 12:33:12.033: error : SELinuxSetFilecon: > unable to set security context 'system_u:object_r:svirt_image_t:s0:c124,c423' > on /media/SW_Preload/AppInstall/Fedora/test.img: Operation not supported. Okay, that makes a lot of sense - there is no xattr support on NTFS, so we can't re-label images there dwalsh, danpb: is there anything we can/should do about this?
Fix for the same issue with NFS: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=777fc2e9d60844a7387355d9cef06bd25190d146 is included in libvirt-0.7.1-1 (in rawhide/F12 and virt-preview for F11) *** This bug has been marked as a duplicate of bug 517157 ***
Re-opening this because I think we may need the equivalent of the virt_use_nfs sebool for ntfs
(In reply to comment #8) > Re-opening this because I think we may need the equivalent of the virt_use_nfs > sebool for ntfs Component should be changed to selinux-policy, that's where SELinux booleans are defined. Workaround is to mount NTFS partition with the mount option context=system_u:object_r:virt_image_t
(In reply to comment #9) > (In reply to comment #8) > > Re-opening this because I think we may need the equivalent of the virt_use_nfs > > sebool for ntfs > > Component should be changed to selinux-policy, that's where SELinux booleans > are defined. Yeah, except AFAIR dwalsh prefers things to remain assigned to the original component and just cc him Moving to selinux-policy now (Ah, I see now that he wasn't cc-ed!)
What AVC's are you getting?
I've included it in comment #2: Aug 13 12:33:12 localhost libvirtd: 12:33:12.033: error : SELinuxSetFilecon: unable to set security context 'system_u:object_r:svirt_image_t:s0:c124,c423' on /media/SW_Preload/AppInstall/Fedora/test.img: Operation not supported. Aug 13 12:33:12 localhost libvirtd: 12:33:12.034: error : internal error Failed to set security label
This is not an SELinux failure, it is a failure in libvirt to realize nfs does not support labels.
Ah, we never did get that patch into F-11 to handle EOPNOTSUPP *** This bug has been marked as a duplicate of bug 517157 ***