Description of problem:
The isos used in various already created vm-s are on a read-only mounted NFS partition. The domain can't start.

Error starting domain: unable to set security context 'system_u:object_r:virt_content_t:s0' on '/apt/iso/Fedora/Fedora-18-i386-netinst.iso': Read-only file system

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 96, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 117, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1090, in startup
    self._backend.create()
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 681, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: unable to set security context 'system_u:object_r:virt_content_t:s0' on '/apt/iso/Fedora/Fedora-18-i386-netinst.iso': Read-only file system

Version-Release number of selected component (if applicable):
libvirt-daemon-1.0.2-2.fc19.x86_64
selinux-policy-targeted-3.12.1-12.fc19.noarch
kernel-3.8.0-0.rc7.git1.1.fc19.x86_64
This doesn't work for iso images on a local writable fs either, but it works if I

# setenforce 0

I don't know if this is the expected behavior with selinux enabled.
Yes, I'm seeing that here too on FC18. In my case the ISO is loopback mounted (mount -o loop -r centos.iso /mnt/centos). Can we get a fix, or at least a workaround?
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle. Changing version to '19'. (As we did not run this process for some time, it could affect also pre-Fedora 19 development cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.) More information and reason for this action is here: https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Fedora 20 still has the same bug. This really cannot be true. (I really do not like your attitude closing bugs using EOL)
(In reply to Ari Lemmke from comment #4)
> (I really do not like your attitude closing bugs using EOL)

I don't see where the bug has been closed. Only the version was changed (by a bot) from rawhide to 19. It is still in state NEW. (/me chuckles at the idea of a bot script having an "attitude" :-)
Fedora 21+ should not throw this error anymore due to this fix (it's not specific to NFS):

commit d1fdecb6240cab8872fd39b0a6dd0df1ebd52b86
Author: Michal Privoznik <mprivozn>
Date:   Fri Jan 17 12:57:13 2014 +0100

    virSecuritySELinuxSetFileconHelper: Don't fail on read-only NFS

That said, the VM may still fail to start if the selinux boolean virt_use_nfs isn't set, and potentially a lot of other reasons depending on the RO filesystem config.

F20 doesn't have much life left in it, so just closing this bug as F21. If anyone has issues with F21+, please consider opening a new bug since the failure scenario is likely different.
Also FWIW I backported that patch to libvirt v1.1.3-maint branch, so if we end up doing another maint release before f20 is EOL, it will pick up that patch.
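
Added example (not part of the thread and not libvirt code): a small triage helper that checks a disk or ISO path against the two conditions discussed above, a read-only mount and NFS with the virt_use_nfs boolean. The function names, the mount table and the host nas.example are constructed for illustration; only /apt/iso and /mnt/centos come from the reports.

```shell
#!/bin/sh
# Added example, not libvirt code. Mount data below is constructed.

# Constructed sample in /proc/mounts layout (nas.example is a placeholder).
sample_mounts() {
    cat <<'EOF'
/dev/sda2 / ext4 rw,seclabel,relatime 0 0
nas.example:/export/iso /apt/iso nfs ro,relatime,vers=3 0 0
/dev/loop0 /mnt/centos iso9660 ro,relatime 0 0
EOF
}

# mount_for PATH [MOUNTS_FILE|-]
# Prints "mountpoint fstype ro|rw" for the longest mount point containing PATH.
mount_for() {
    awk -v p="$1" '
    BEGIN { best_len = 0 }
    {
        mp = $2
        if (mp == "/" || p == mp || index(p, mp "/") == 1) {
            if (length(mp) >= best_len) {      # later, deeper mounts win
                best_len = length(mp); best = mp; fs = $3
                mode = (("," $4 ",") ~ /,ro,/) ? "ro" : "rw"
            }
        }
    }
    END { if (best != "") print best, fs, mode }
    ' "${2:-/proc/mounts}"
}

# triage PATH [MOUNTS_FILE|-]
# One finding per line; "ok" when neither condition from the thread applies.
triage() {
    info=$(mount_for "$1" "${2:-/proc/mounts}")
    [ -n "$info" ] || { echo "no-mount-found"; return 1; }
    set -- $info                               # $1=mountpoint $2=fstype $3=mode
    found=0
    if [ "$3" = "ro" ]; then
        echo "read-only: relabel fails with 'Read-only file system' without the libvirt fix"
        found=1
    fi
    case "$2" in
        nfs|nfs4) echo "nfs: SELinux boolean virt_use_nfs must be on (getsebool virt_use_nfs)"
                  found=1 ;;
    esac
    [ "$found" -eq 1 ] || echo "ok"
}

# Demo on the constructed table, using the path from the bug report.
sample_mounts | triage /apt/iso/Fedora/Fedora-18-i386-netinst.iso -
```

On a real host, call `triage /path/to/image` with no second argument to read /proc/mounts.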