Description of problem:
SELinux causes silent, hard to identify, failures. In this case, I was running F13-Beta-x86_64-Live.iso in a virtual machine OK, but it would totally hang up if I tried to "Install to Hard Drive" (/dev/vd0)

Version-Release number of selected component (if applicable):
real machine:
kernel-2.6.33.1-19.fc13.x86_64
virt-manager-0.8.3-2.fc13.noarch
virtual machine:
F13-Beta-x86_64-Live.iso

How reproducible:
100%

Steps to Reproduce:
1. virt-manager
2. run from F13-Beta-x86_64-Live.iso
3. "Install to hard Drive"

Actual results:
Virtual machine totally hangs while transferring files to /dev/vd0

Expected results:
Successful install on virtual host

Additional info:
Catching the initial Boot and adding "selinux=0" to the kernel options provided a workaround.
Any avc messages in /var/log/audit/audit.log?
Did you build this iso yourself or download it from somewhere?
The base machine was installed from:
ftp://download.fedora.redhat.com/pub/fedora/linux/releases/test/13-Alpha/Live/x86_64/F13-Alpha-x86_64-Live.iso
with updates and extra packages.

It seems I can't find F13-Beta-x86_64-Live.iso any more, but I didn't build it myself. I just now retested with the latest client Live image from:
http://alt.fedoraproject.org/pub/alt/nightly-composes/desktop/desktop-x86_64-20100329.19.iso
and the problem still exists.

No avc messages in /var/log/audit/audit.log on the base system. I can't tell if there were any on the Live install system as it hung.

/var/log/messages ends with this on the base system ("t" is my virtual host's name):

Mar 30 17:15:14 ontap libvirtd: 17:15:14.434: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:42 ontap libvirtd: 17:15:42.131: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:44 ontap libvirtd: 17:15:44.919: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:45 ontap libvirtd: 17:15:45.381: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:45 ontap libvirtd: 17:15:45.678: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:45 ontap libvirtd: 17:15:45.789: error : storageVolumeLookupByPath:1238 : invalid storage volume pointer in no storage vol with matching path
Mar 30 17:15:45 ontap libvirtd: 17:15:45.793: error : storageVolumeLookupByPath:1238 : invalid storage volume pointer in no storage vol with matching path
Mar 30 17:15:45 ontap libvirtd: 17:15:45.800: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:48 ontap libvirtd: 17:15:48.884: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:49 ontap libvirtd: 17:15:49.374: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:49 ontap libvirtd: 17:15:49.670: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:49 ontap libvirtd: 17:15:49.773: error : storageVolumeLookupByPath:1238 : invalid storage volume pointer in no storage vol with matching path
Mar 30 17:15:49 ontap libvirtd: 17:15:49.778: error : storageVolumeLookupByPath:1238 : invalid storage volume pointer in no storage vol with matching path
Mar 30 17:15:49 ontap libvirtd: 17:15:49.787: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:49 ontap libvirtd: 17:15:49.891: error : qemudDomainLookupByUUID:3372 : Domain not found: no domain with matching uuid '1b2107ad-9b95-6630-576f-b51d31190294'
Mar 30 17:15:50 ontap libvirtd: 17:15:50.016: error : qemudDomainLookupByName:3397 : Domain not found: no domain with matching name 't'
Mar 30 17:15:50 ontap libvirtd: 17:15:50.020: error : storageVolumeLookupByName:1153 : Storage volume not found: no storage vol with matching name 't.img'
Mar 30 17:15:50 ontap kernel: device vnet2 entered promiscuous mode
Mar 30 17:15:50 ontap kernel: br0: port 4(vnet2) entering learning state
Mar 30 17:15:51 ontap qemu-kvm: Could not find keytab file: /etc/qemu/krb5.tab: No such file or directory
Mar 30 17:15:52 ontap avahi-daemon[1541]: Registering new address record for fe80::640c:daff:fed2:f286 on vnet2.*.
Mar 30 17:16:05 ontap kernel: br0: port 4(vnet2) entering forwarding state
Again with desktop-x86_64-20100329.19.iso, interrupting the boot of the live image and adding "selinux=0" to the kernel option fixes the problem. I think the /var/log/messages in the previous comment are just normal ones from booting the live image before the virtual disk is formatted. I saw them with this successful install too. During retesting with selinux enabled on the live system, I do see an AVC denial popup after clicking "install to Hard Drive", but clicking on "show" just causes the popup to disappear. I was able to capture the audit.log from the Live image.
Created attachment 403605: /var/log/audit/audit.log from Live virtual image just after clicking "Install to Hard Drive"
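Added example, not part of the original bug report or of any Fedora tooling: one way to answer the "any avc messages in audit.log?" question from a captured log, by pulling the AVC denials out and counting them per process, source type, target type, object class and permissions. The sample records are constructed (the attachment's contents are not shown on this page), and `example_installer` and `example_t` are hypothetical names.

```python
import re
from collections import Counter

# Constructed sample records in the kernel's AVC audit format. They are NOT
# taken from attachment 403605; example_installer/example_t are hypothetical.
SAMPLE_AUDIT_LOG = '''\
type=AVC msg=audit(1269983745.101:21): avc:  denied  { read write } for  pid=1801 comm="example_installer" name="vda" dev=devtmpfs ino=5012 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=SYSCALL msg=audit(1269983745.101:21): arch=c000003e syscall=2 success=no exit=-13 comm="example_installer"
type=AVC msg=audit(1269983746.220:22): avc:  denied  { read write } for  pid=1801 comm="example_installer" name="vda" dev=devtmpfs ino=5012 scontext=system_u:system_r:example_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=blk_file
type=AVC msg=audit(1269983750.004:23): avc:  granted  { setenforce } for  pid=1 comm="init" scontext=system_u:system_r:kernel_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
'''

AVC_RE = re.compile(
    r'type=AVC msg=audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\): '
    r'avc:\s+(?P<result>denied|granted)\s+\{ (?P<perms>[^}]*) \} for\s+(?P<fields>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_avc(line):
    """Return a dict for an AVC record, or None for any other audit record."""
    m = AVC_RE.match(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('fields'))}
    rec['result'] = m.group('result')
    rec['perms'] = tuple(m.group('perms').split())
    return rec

def summarize_denials(log_text):
    """Count denials per (comm, source type, target type, class, perms)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec['result'] != 'denied':
            continue
        # Contexts are user:role:type[:level]; the type is what policy rules match.
        source_type = rec['scontext'].split(':')[2]
        target_type = rec['tcontext'].split(':')[2]
        key = (rec.get('comm', '?'), source_type, target_type,
               rec['tclass'], rec['perms'])
        counts[key] += 1
    return counts

if __name__ == '__main__':
    for key, n in summarize_denials(SAMPLE_AUDIT_LOG).most_common():
        print(n, *key)
```
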
Fixed in selinux-policy-3.7.17-3.fc13.noarch
selinux-policy-3.7.17-6.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.17-6.fc13
selinux-policy-3.7.19-10.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-10.fc13
selinux-policy-3.7.19-10.fc13 has been pushed to the Fedora 13 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update selinux-policy'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/selinux-policy-3.7.19-10.fc13
selinux-policy-3.7.19-10.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.