[Users] ovirt VM start fails - Perm Denied error

Dan Kenigsberg danken at redhat.com
Tue Feb 14 09:24:41 UTC 2012 

On Tue, Feb 14, 2012 at 12:12:41PM +0530, Deepak C Shetty wrote:
> On 02/13/2012 08:10 PM, Dan Kenigsberg wrote:
> >On Mon, Feb 13, 2012 at 08:57:23AM -0500, Keith Robertson wrote:
> >>On 02/13/2012 08:33 AM, Deepak C Shetty wrote:
> >>>On 02/13/2012 03:16 PM, Dan Kenigsberg wrote:
> >>>>On Sun, Feb 12, 2012 at 11:58:05PM +0530, Deepak C Shetty wrote:
> >>>>>Hi,
> >>>>>    I have tried this multiple times and i hit the same error.
> >>>>>
> >>>>>I have 3 storage domains  created (iso, data and export) all
> >>>>>connected to the DC with DC status as Up and
> >>>>>1 host with status as Up and the same (only) host acting as SPM.
> >>>>>
> >>>>>I used the engine-iso-uploader utility to upload my .iso to
> >>>>>the iso domain.
> >>>>>Created a new VM and attached a vdisk of type sparse (thin-prov) and
> >>>>>click on "Run Once",
> >>>>>where i select "Attach CD" and select my .iso, and change boot order
> >>>>>to boot from CD, then disk.
> >>>>>
> >>>>>But i get this error...
> >>>>>
> >>>>>VM first-ovirt-vm is down. Exit message internal error process
> >>>>>exited while connecting to monitor: qemu-kvm: -drive file=/rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw:
> >>>>>could not open disk image /rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso:
> >>>>>Permission denied .
> >>>>>
> >>>>>I am unable to figure out why.. bcos the user.group perms for the
> >>>>>.iso are fine.
> >>>>>In fact i logged into the system serving the nfs share and
> >>>>>added 0777 perms
> >>>>>still i get the same error. Here is the snip of how the perms for
> >>>>>.iso look like...
> >>>>>
> >>>>>ll /tmp/iso1-domain/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
> >>>>>-rwxr-xr-x. 1 vdsm kvm 3757047808 Feb 13 04:24 /tmp/iso1-domain/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
> >>>>would you try `ls -lZ` ? Does your /var/log/audit/audit.log shows an
> >>>>selinux problem? What's `getenforce`? And `getsebool virt_use_nfs`?
> >>>>
> >>>>What is `groups qemu`?
> >>>>Does
> >>>>    su - qemu -s /bin/bash -c 'strings your.iso'
> >>>>work for you?
> >>>>
> >>>>Regards,
> >>>>Dan.
> >>>>
> >>>>
> >>>Hello Dan,
> >>>    Here is the output you requested...
> >>>
> >>>[root at llm56 ~]# ls -lZ /rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
> >>>-rwxr-xr-x. vdsm kvm system_u:object_r:nfs_t:s0       /rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
> >>>
> >>>[root at llm56 ~]# getenforce
> >>>Enforcing
> >>>
> >>>[root at llm56 ~]# getsebool virt_use_nfs
> >>>virt_use_nfs -->  off
> >Vdsm SHOULD configure this to "on" when it first starts, by running
> >
> >     /usr/sbin/semanage  boolean -m -S targeted -F /dev/stdin<<  _EOF
> >virt_use_nfs=1
> >_EOF
> This hangs... tho' i see the below msgs in /var/log/messages...

hangs for how long?
This normally takes a long time. When hung, could you `strace` the
semanage process to see what it is doing?

> 
> Feb 14 17:39:58 llm56 dbus[1170]: avc:  received policyload notice (seqno=5)
> Feb 14 17:39:58 llm56 setsebool: The virt_use_nfs policy boolean was
> changed to 1 by root
> Feb 14 17:39:58 llm56 dbus[1170]: [system] Reloaded configuration
> Feb 14 17:39:58 llm56 dbus-daemon[1170]: dbus[1170]: avc:  received
> policyload notice (seqno=5)
> Feb 14 17:39:58 llm56 dbus-daemon[1170]: dbus[1170]: [system]
> Reloaded configuration
> 
> I had to kill this from anotehr session, but using setsebool
> virt_use_nfs 1 worked for me.

That's good only until next reboot...
> 
> 
> >    /usr/sbin/setsebool virt_use_nfs on
> >
> >Please try running this as root to understand why it failed. qemu cannot
> >use NFS when this is off and selinux is enforcing
>

More information about the Users mailing list