LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General > Linux - Certification
User Name
Password
Linux - Certification This forum is for the discussion of all topics relating to Linux certification.

Notices


Reply
  Search this Thread
Old 08-17-2012, 12:34 PM   #1
Garagegoblin
LQ Newbie
 
Registered: Jun 2011
Posts: 10

Rep: Reputation: Disabled
Question KVM permission issues during chapter 2 of Michael Jang's RHCSA/RHCE book


This is my first post so please bare with me. But I am currently studying for the RHCSA (which is why I chose to post this in this sub-forum). Also I was told by the author he helps on here. Anyhow. Chapter two of his book he deletes the /var/lib/libvirt/images and replaces it with a link to /home/(myusername)/KVM. But during the creation of my VM it says permission denied for the server1.example.com.img I have gone through and made sure I gave rwx permissions to all users with chmod 777 and looked over permissions everywhere I can think of. Any ideas or suggestions would be greatly helpful. I will post some information to hopefully help here.

[root@localhost ~]# ls -l /var/lib/libvirt/images
lrwxrwxrwx. 1 root root 16 Aug 17 12:20 /var/lib/libvirt/images -> /home/smitty/KVM

[root@localhost ~]# ls -l /var/lib/libvirt/images/server1.example.com.img
-rwxrwxrwx. 1 root root 12884901888 Aug 17 13:13 /var/lib/libvirt/images/server1.example.com.img
 
Old 08-17-2012, 02:03 PM   #2
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,943
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Garagegoblin View Post
This is my first post so please bare with me. But I am currently studying for the RHCSA (which is why I chose to post this in this sub-forum). Also I was told by the author he helps on here. Anyhow. Chapter two of his book he deletes the /var/lib/libvirt/images and replaces it with a link to /home/(myusername)/KVM. But during the creation of my VM it says permission denied for the server1.example.com.img I have gone through and made sure I gave rwx permissions to all users with chmod 777 and looked over permissions everywhere I can think of. Any ideas or suggestions would be greatly helpful. I will post some information to hopefully help here.

[root@localhost ~]# ls -l /var/lib/libvirt/images
lrwxrwxrwx. 1 root root 16 Aug 17 12:20 /var/lib/libvirt/images -> /home/smitty/KVM

[root@localhost ~]# ls -l /var/lib/libvirt/images/server1.example.com.img
-rwxrwxrwx. 1 root root 12884901888 Aug 17 13:13 /var/lib/libvirt/images/server1.example.com.img
SELinux is the problem. What is the Context of /home/smitty/KVM?

Code:
ls -lZ /home/smitty/KVM
NOTE: I think Jang just suggested that you move it...you don't have to (unless you have a space problem)

-C
 
Old 08-17-2012, 02:06 PM   #3
Garagegoblin
LQ Newbie
 
Registered: Jun 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
[root@localhost ~]# ls -lZ /home/smitty/KVM/
-rwxrwxrwx. root root system_ubject_r:virt_image_t:s0 server1.example.com.img

You are correct it was a suggestion, but my home directory had 100Gb so thought it was a good idea since that was my largest partition. Thank you for the help BTW.
 
Old 08-17-2012, 02:09 PM   #4
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,943
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Garagegoblin View Post
[root@localhost ~]# ls -lZ /home/smitty/KVM/
-rwxrwxrwx. root root system_ubject_r:virt_image_t:s0 server1.example.com.img

You are correct it was a suggestion, but my home directory had 100Gb so thought it was a good idea since that was my largest partition. Thank you for the help BTW.
Those contexts look right (off the top of my head)...

Try this..

Code:
restorecon -F -R /home/smitty/KVM
ls -lZ /home/smitty/KVM/
-C
 
Old 08-17-2012, 02:11 PM   #5
Garagegoblin
LQ Newbie
 
Registered: Jun 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
[root@localhost ~]# restorecon -F -R /home/smitty/KVM/
[root@localhost ~]# ls -lZ /home/smitty/KVM/
-rwxrwxrwx. root root unconfined_ubject_r:user_home_t:s0 server1.example.com.img

---------- Post added 08-17-12 at 07:12 PM ----------

Here is the error I get from the KVM during the creation.

Unable to complete install: 'internal error Process exited while reading console log output: char device redirected to /dev/pts/1
qemu-kvm: -drive file=/var/lib/libvirt/images/server1.example.com.img,if=none,id=drive-virtio-disk0,format=raw,cache=none: could not open disk image /var/lib/libvirt/images/server1.example.com.img: Permission denied
 
Old 08-17-2012, 02:23 PM   #6
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,943
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Garagegoblin View Post
[root@localhost ~]# restorecon -F -R /home/smitty/KVM/
[root@localhost ~]# ls -lZ /home/smitty/KVM/
-rwxrwxrwx. root root unconfined_ubject_r:user_home_t:s0 server1.example.com.img

---------- Post added 08-17-12 at 07:12 PM ----------

Here is the error I get from the KVM during the creation.

Unable to complete install: 'internal error Process exited while reading console log output: char device redirected to /dev/pts/1
qemu-kvm: -drive file=/var/lib/libvirt/images/server1.example.com.img,if=none,id=drive-virtio-disk0,format=raw,cache=none: could not open disk image /var/lib/libvirt/images/server1.example.com.img: Permission denied
Okay now try setting the context...

Code:
cd /home/smitty
semanage fcontext -a -t virt_image_t  KVM
 restorecon -R -v  KVM
If there is anything inside of /home/smitty/KVM you have to do the same commands on those files/directories as well.

--C
 
Old 08-17-2012, 02:27 PM   #7
Garagegoblin
LQ Newbie
 
Registered: Jun 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
semanage is not showing as an available command. Is there a package that is needed for this?
 
Old 08-17-2012, 02:38 PM   #8
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,943
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Garagegoblin View Post
semanage is not showing as an available command. Is there a package that is needed for this?
I don't know the package off the top of my head...but you can do this...

Code:
yum provides \*/*bin/semanage
It will show you what packages to install.

--C
 
Old 08-17-2012, 02:55 PM   #9
Garagegoblin
LQ Newbie
 
Registered: Jun 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
found the package needed, this is the output.

<code>
[root@localhost smitty]# semanage fcontext -a -t virt_image_t KVM restorecon -R -v KVM
/usr/sbin/semanage: bad option
</code>
 
Old 08-17-2012, 03:04 PM   #10
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,943
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Garagegoblin View Post
found the package needed, this is the output.

<code>
[root@localhost smitty]# semanage fcontext -a -t virt_image_t KVM restorecon -R -v KVM
/usr/sbin/semanage: bad option
</code>
Try it with a semicolon or an &&

This...

Code:
semanage fcontext -a -t virt_image_t KVM ; restorecon -R -v KVM
OR this...

Code:
semanage fcontext -a -t virt_image_t KVM && restorecon -R -v KVM

Then what is the ouput of...

Code:
ls -lZ KVM
and...

Code:
ls -lZ KVM/*
--C
 
Old 08-17-2012, 03:09 PM   #11
Garagegoblin
LQ Newbie
 
Registered: Jun 2011
Posts: 10

Original Poster
Rep: Reputation: Disabled
Code:
[root@localhost smitty]# semanage fcontext -a -t virt_image_t KVM && restorecon -R -v KVM
restorecon reset /home/smitty/KVM/server1.example.com.img context system_u:object_r:virt_image_t:s0->system_u:object_r:user_home_t:s0
[root@localhost smitty]# semanage fcontext -a -t virt_image_t KVM/server1.example.com.img && restorecon -R -v KVM/server1.example.com.img 
[root@localhost smitty]# ls -lZ KVM
-rwxrwxrwx. root root system_u:object_r:user_home_t:s0 server1.example.com.img
[root@localhost smitty]# ls -lZ KVM/*
-rwxrwxrwx. root root system_u:object_r:user_home_t:s0 KVM/server1.example.com.img
Still fails during setup of VM.
 
Old 08-17-2012, 03:59 PM   #12
stef80
Member
 
Registered: Nov 2009
Posts: 51

Rep: Reputation: 14
Try installing "setroubleshoot-server" package, restart auditd and rsyslog services and watch /var/log/messages for SE Linux errors/violations. It should list errors in more readable form.

Other option is creating LVM based guests. You create LV ... say 10 gigs and call it lv_server1 (or whatever you want) and install guest on it (format: raw, cache: none). It should give you better performance then image based guest. Also, Virt-manager can manage your Volume Group as a storage pool (you must add it first) so you can create LVs for guests directly from Virt-manager.

Last edited by stef80; 08-17-2012 at 04:20 PM.
 
Old 08-17-2012, 04:21 PM   #13
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,943
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by Garagegoblin View Post
Code:
[root@localhost smitty]# semanage fcontext -a -t virt_image_t KVM && restorecon -R -v KVM
restorecon reset /home/smitty/KVM/server1.example.com.img context system_u:object_r:virt_image_t:s0->system_u:object_r:user_home_t:s0
[root@localhost smitty]# semanage fcontext -a -t virt_image_t KVM/server1.example.com.img && restorecon -R -v KVM/server1.example.com.img 
[root@localhost smitty]# ls -lZ KVM
-rwxrwxrwx. root root system_u:object_r:user_home_t:s0 server1.example.com.img
[root@localhost smitty]# ls -lZ KVM/*
-rwxrwxrwx. root root system_u:object_r:user_home_t:s0 KVM/server1.example.com.img
Still fails during setup of VM.
I would remove the "server1.example.com.img" THEN do these commands...

Code:
semanage fcontext -a -t virt_image_t KVM && restorecon -R -v KVM
Then try again.

I agree with stef80 ...would like to see what the logs look like.
 
Old 08-17-2012, 04:31 PM   #14
stef80
Member
 
Registered: Nov 2009
Posts: 51

Rep: Reputation: 14
Maybe this would work better:
Code:
semanage fcontext -a -t virt_image_t "KVM(/.*)?" && restorecon -R -v KVM

Last edited by stef80; 08-17-2012 at 04:37 PM.
 
Old 08-17-2012, 04:33 PM   #15
custangro
Senior Member
 
Registered: Nov 2006
Location: California
Distribution: Fedora , CentOS , RHEL
Posts: 1,943
Blog Entries: 1

Rep: Reputation: 188Reputation: 188
Quote:
Originally Posted by stef80 View Post
Maybe this would be better:
Code:
semanage fcontext -a -t virt_image_t KVM\(*\)? && restorecon -R -v KVM
^ Actually that's more elegant. Yes try that.


Still probably need to install those SELinux debugging tools...if you're studying for the RHCSA; you're going to need it eventually anyway :-)

-C
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Help regarding rhcsa & rhce safeen Linux - Newbie 1 08-12-2012 03:57 PM
the best way to learn rhcsa and rhce exam. Rajkumar734 Linux - Newbie 1 03-29-2012 08:37 AM
RHCSA, RHCE, Ucertify PrepKit vodoley Linux - Certification 2 09-05-2011 07:23 AM
Do I have to re-take RHCSA when I do RHCE? BooDaddy Linux - Certification 4 07-25-2011 04:05 PM
LXer: Michael Geist: The ACTA Internet Chapter: Putting the Pieces Together LXer Syndicated Linux News 1 11-09-2009 03:29 AM


All times are GMT -5. The time now is 01:42 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration