Bug 845439 - Creation of box fails with SELinux denial
Summary: Creation of box fails with SELinux denial
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: rawhide
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Miroslav Grepl
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On: 844832
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-08-03 06:07 UTC by Miroslav Grepl
Modified: 2012-12-15 18:55 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 844832
Environment:
Last Closed: 2012-12-15 18:55:24 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Miroslav Grepl 2012-08-03 06:07:28 UTC 
+++ This bug was initially created as a clone of Bug #844832 +++

Description of problem:

Use Boxes to create a VM. When you click "create", it fails with a SELinux error.
The SELinux alert browser reports:

The source process: /usr/bin/qemu-kvm
Attempted this access: write
On this file: Fedora 16.log

If you want to fix the label, /home/<user>/.libvirt/qemu/log/Fedora16.log default label should be svirt_home_t.


Version-Release number of selected component (if applicable):


How reproducible:

Every time. Failure occured when trying to create F17 and F16 guests.

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

--- Additional comment from marcandre.lureau on 2012-08-01 18:41:35 EDT ---

This is a missing selinux policy for libvirt/qemu session. Reassigning to selinux-policy.

--- Additional comment from mgrepl on 2012-08-02 07:46:32 EDT ---

# rpm -q selinux-policy

Also what AVC are you getting?

--- Additional comment from dwalsh on 2012-08-02 15:36:53 EDT ---

I added some labeling for directories within the homedir into Fedora 18.  Looks like gnome-boxes is launching libvirt which ends up launching svirt_t qemu processes, so we need proper labeling in ~/.cache ~/.config and ~/.local

The problem I am now having is actually getting gnome-boxes to work after a couple of failures.

How can I delete virtual machines?

--- Additional comment from marcandre.lureau on 2012-08-02 15:59:33 EDT ---

(In reply to comment #3)
> I added some labeling for directories within the homedir into Fedora 18. 
> Looks like gnome-boxes is launching libvirt which ends up launching svirt_t
> qemu processes, so we need proper labeling in ~/.cache ~/.config and ~/.local
> 
> The problem I am now having is actually getting gnome-boxes to work after a
> couple of failures.
> 
> How can I delete virtual machines?

Daniel, to simplify, you should be able to managed your session libvirt machines with "virt-manager -c qemu:///session"

The other solution to delete VMs via Boxes is to use the selection mode (top right icon), select undesired machines, and click on appearing bottom bar, the remove button. Hope that helps.

--- Additional comment from dwalsh on 2012-08-02 17:00:12 EDT ---

Shouldn't the .cache/gnome-boxes/fedora-17-unattended.img be in a subdir? Like the images directory?

--- Additional comment from dwalsh on 2012-08-02 17:06:35 EDT ---

Ok, I was able to delete, but now when I go to install it fails with install failed.

box setup failed, in both enforcing and disabled mode.  All I am doing is grabbing the iso file that I downloaded.

(gnome-boxes:4511): Boxes-WARNING **: app.vala:233: Unable to refresh storage pool: Requested operation is not valid: storage pool is not active

(gnome-boxes:4511): Boxes-WARNING **: media-manager.vala:80: Failed to fetch list of ISOs from Tracker: Failed to open fileError opening file: No such file or directory.

(gnome-boxes:4511): Boxes-WARNING **: media-manager.vala:80: Failed to fetch list of ISOs from Tracker: Failed to open fileError opening file: No such file or directory.

(gnome-boxes:4511): Boxes-WARNING **: media-manager.vala:80: Failed to fetch list of ISOs from Tracker: Failed to open fileError opening file: No such file or directory.

(gnome-boxes:4511): Boxes-WARNING **: fedora-installer.vala:179: Failed to fetch prefered keyboard layout from user settings, falling back to 'us'..

(gnome-boxes:4511): GLib-CRITICAL **: g_hash_table_lookup: assertion `hash_table != NULL' failed

(gnome-boxes:4511): Boxes-WARNING **: wizard.vala:313: Failed to create volume: Requested operation is not valid: storage pool is not active
dwalsh@celtics$ gnome-boxes 

(gnome-boxes:4647): Boxes-WARNING **: media-manager.vala:80: Failed to fetch list of ISOs from Tracker: Failed to open fileError opening file: No such file or directory.

(gnome-boxes:4647): Boxes-WARNING **: app.vala:233: Unable to refresh storage pool: Requested operation is not valid: storage pool is not active

(gnome-boxes:4647): Boxes-WARNING **: media-manager.vala:80: Failed to fetch list of ISOs from Tracker: Failed to open fileError opening file: No such file or directory.
dwalsh@celtics$ gnome-boxes 

(gnome-boxes:4751): Boxes-WARNING **: media-manager.vala:80: Failed to fetch list of ISOs from Tracker: Failed to open fileError opening file: No such file or directory.

(gnome-boxes:4751): Boxes-WARNING **: app.vala:233: Unable to refresh storage pool: Requested operation is not valid: storage pool is not active

(gnome-boxes:4751): Boxes-WARNING **: media-manager.vala:80: Failed to fetch list of ISOs from Tracker: Failed to open fileError opening file: No such file or directory.

(gnome-boxes:4751): Boxes-WARNING **: media-manager.vala:80: Failed to fetch list of ISOs from Tracker: Failed to open fileError opening file: No such file or directory.

(gnome-boxes:4751): Boxes-WARNING **: fedora-installer.vala:179: Failed to fetch prefered keyboard layout from user settings, falling back to 'us'..

(gnome-boxes:4751): GLib-CRITICAL **: g_hash_table_lookup: assertion `hash_table != NULL' failed

(gnome-boxes:4751): Boxes-WARNING **: wizard.vala:313: Failed to create volume: Requested operation is not valid: storage pool is not active

(gnome-boxes:4751): Boxes-WARNING **: media-manager.vala:80: Failed to fetch list of ISOs from Tracker: Failed to open fileError opening file: No such file or directory.

--- Additional comment from marcandre.lureau on 2012-08-02 17:15:02 EDT ---

(In reply to comment #5)
> Shouldn't the .cache/gnome-boxes/fedora-17-unattended.img be in a subdir?
> Like the images directory?

This is only a temporary file for unattended installations. We don't have subdirectories under .cache, and we put there atm -screenshot.* and -unattended.img files. Maybe we should also make subdir, but atm there is no naming conflict possible I think.

--- Additional comment from marcandre.lureau on 2012-08-02 17:16:58 EDT ---

I guess tracker is not installed or not properly running. You can ignore that errors I guess, and select the .iso manually from Wizard, Source page, "Select a file".

--- Additional comment from dwalsh on 2012-08-02 17:47:53 EDT ---

Well that is what I am doing, as then it asks me for a user and password, I guess it is creating a kick start, or I tell it to not do quick install, and either way it prompts immediately with the box install fails.

--- Additional comment from dwalsh on 2012-08-02 17:48:10 EDT ---

BTW I am testing this in Rawhide.

--- Additional comment from marcandre.lureau on 2012-08-02 19:15:44 EDT ---

(In reply to comment #9)
> Well that is what I am doing, as then it asks me for a user and password, I
> guess it is creating a kick start, or I tell it to not do quick install, and
> either way it prompts immediately with the box install fails.

ah, and you don't get further messages in the console? let see, if you run gnome-boxes --checks, you should get

The CPU is capable of virtualization: yes
The KVM module is loaded: yes

It can also help to run "libvirtd -vvv" as a regular user (assuming there is no running one).

--- Additional comment from marcandre.lureau on 2012-08-02 19:17:46 EDT ---

and the output of "virsh capabilities" can help too, there should be a <guest> of <ostype> hvm (/usr/bin/qemu-kvm).
Note You need to log in before you can comment on or make changes to this bug.