[Users] ovirt VM start fails - Perm Denied error

Deepak C Shetty deepakcs at linux.vnet.ibm.com
Wed Feb 15 06:43:39 UTC 2012 

On 02/14/2012 02:55 PM, Dan Kenigsberg wrote:
> On Tue, Feb 14, 2012 at 10:36:39AM +0530, Deepak C Shetty wrote:
>> On 02/13/2012 03:16 PM, Dan Kenigsberg wrote:
>>> On Sun, Feb 12, 2012 at 11:58:05PM +0530, Deepak C Shetty wrote:
>>>> Hi,
>>>>     I have tried this multiple times and i hit the same error.
>>>>
>>>> I have 3 storage domains  created (iso, data and export) all
>>>> connected to the DC with DC status as Up and
>>>> 1 host with status as Up and the same (only) host acting as SPM.
>>>>
>>>> I used the engine-iso-uploader utility to upload my .iso to the iso domain.
>>>> Created a new VM and attached a vdisk of type sparse (thin-prov) and
>>>> click on "Run Once",
>>>> where i select "Attach CD" and select my .iso, and change boot order
>>>> to boot from CD, then disk.
>>>>
>>>> But i get this error...
>>>>
>>>> VM first-ovirt-vm is down. Exit message internal error process
>>>> exited while connecting to monitor: qemu-kvm: -drive file=/rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso,if=none,media=cdrom,id=drive-ide0-1-0,readonly=on,format=raw:
>>>> could not open disk image /rhev/data-center/4087fea7-b54a-4318-8d5c-828eff8846f4/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso:
>>>> Permission denied .
>>>>
>>>> I am unable to figure out why.. bcos the user.group perms for the
>>>> .iso are fine.
>>>> In fact i logged into the system serving the nfs share and added 0777 perms
>>>> still i get the same error. Here is the snip of how the perms for
>>>> .iso look like...
>>>>
>>>> ll /tmp/iso1-domain/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
>>>> -rwxr-xr-x. 1 vdsm kvm 3757047808 Feb 13 04:24 /tmp/iso1-domain/35f880f8-bd0c-4063-b171-2ddaa59e1212/images/11111111-1111-1111-1111-111111111111/Fedora-16-x86_64-DVD.iso
>>> would you try `ls -lZ` ? Does your /var/log/audit/audit.log shows an
>>> selinux problem? What's `getenforce`? And `getsebool virt_use_nfs`?
>> Hi Dan,
>>      Thanks for the hint, after setting virt_use_nfs, it worked for me.
>> Strangely VDSM should have set it, not sure why it didn't.
> I suppose this is related to the fact that your `semanage` hangs. Please
> help us understand why.
>
Hello Dan,
     This is what strace dumped, when i attached to the semanage process.
Note that i am only pasting the last few lines.. as the dump was large...
Let me know if you need to entire dump...

write(6, "/usr/share/system-config-netboot"..., 89) = 89
write(6, "/usr/share/system-config-soundca"..., 89) = 89
write(6, "/usr/share/system-config-kdump/s"..., 103) = 103
write(6, "/usr/share/system-config-selinux"..., 104) = 104
write(6, "/usr/share/system-config-rootpas"..., 95) = 95
write(6, "/usr/share/system-config-securit"..., 101) = 101
write(6, "/usr/share/system-config-service"..., 109) = 109
read(5, "", 4096)                       = 0
close(5)                                = 0
munmap(0x7f8291b3d000, 4096)            = 0
close(6)                                = 0
close(7)                                = 0
open("/etc/selinux/targeted/modules/tmp/seusers.final", 
O_WRONLY|O_CREAT|O_TRUNC, 0600) = 5
write(5, "system_u:system_u:s0-s0:c0.c1023"..., 106) = 106
close(5)                                = 0
open("/etc/selinux/targeted/modules/tmp/users_extra", 
O_WRONLY|O_CREAT|O_TRUNC, 0600) = 5
write(5, "user user_u prefix user;\nuser st"..., 101) = 101
close(5)                                = 0
open("/etc/selinux/targeted/modules/tmp/netfilter_contexts", 
O_WRONLY|O_CREAT|O_TRUNC, 0600) = 5
write(5, "", 0)                         = 0
close(5)                                = 0

More information about the Users mailing list