selinux has a special boolean to make it easier for disk images to be managedi by libvirt. Set this to true when a user adds an NFS storage pool. Most virtualzation documentation recommends that this be set to true. For example: http://www.ovirt.org/Troubleshooting_NFS_Storage_Issues http://fedoraproject.org/wiki/How_to_debug_Virtualization_problems This will leave it set to true, even if the user removes NFS storage pools. It is not a security risk, and we should not set it to False in case it had already been set by the user for another non-kimchi use. Signed-off-by: Christy Perez <christy@linux.vnet.ibm.com> --- src/kimchi/model/storagepools.py | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/src/kimchi/model/storagepools.py b/src/kimchi/model/storagepools.py index 5af33b7..1ec6e99 100644 --- a/src/kimchi/model/storagepools.py +++ b/src/kimchi/model/storagepools.py @@ -126,6 +126,13 @@ class StoragePoolsModel(object): kimchi_log.error("Problem creating Storage Pool: %s", e) raise OperationFailed("KCHPOOL0007E", {'name': name, 'err': e.get_error_message()}) + if params['type'] == 'netfs': + output, error, returncode = run_command(['setsebool', '-P', + 'virt_use_nfs=1']) + if error or returncode: + kimchi_log.error('Unable to set virt_use_nfs=1. If you use + SELinux, this may prevent NFS pools from + being used.') return name def _clean_scan(self, pool_name): -- 1.9.0