[libvirt] snapshot-create-as Permission denied

Kashyap Chamarthy kchamart at redhat.com
Mon May 27 03:41:40 UTC 2013 

On 05/27/2013 08:26 AM, yue wrote:
> hi.
> my environment: centos 6.3, qemu 1.5(source code build), 

I don't know how you've built or what else have you included/excluded in it.

> libvirt libvirt-0.10.2-18.el6_4.2.x86_64.selinux enforce .
>  i have 2 questions
> 1.snapshot. permisson deny.
> dumpxml:
>  <seclabel type='dynamic' model='selinux' relabel='yes'>
>     <label>system_u:system_r:svirt_t:s0:c33,c172</label>
>     <imagelabel>system_u:object_r:svirt_image_t:s0:c33,c172</imagelabel>
>   </seclabel>
> command line:
> [root at ovirtdev images]# ls -lZ
> -rw-r--r--. qemu qemu system_u:object_r:virt_image_t:s0 test.qcow2
> image does not have the same MLS?
> it does not seem like a selinux problem, because selinix does not record this deny.

Also can you check what's the context of your SELinux process ?

	$ ps -eZ | grep qemu-kvm


Working here just fine (but this is Fedora 19):
---------
$ ls -lZ /home/test/vmimages/regular-guest.qcow2
-rw-r--r--. qemu qemu system_u:object_r:svirt_image_t:s0:c390,c525
/home/test/vmimages/regular-guest.qcow2

$ ps -eZ | grep -i qemu
system_u:system_r:svirt_t:s0:c390,c525 1969 ?  04:21:20 qemu-system-x86

$ virsh dumpxml regular-guest | grep seclabel -A4
  <seclabel type='dynamic' model='selinux' relabel='yes'>
    <label>system_u:system_r:svirt_t:s0:c390,c525</label>
    <imagelabel>system_u:object_r:svirt_image_t:s0:c390,c525</imagelabel>
  </seclabel>
---------

> 2.vnet problem
> May 27 09:48:49 ovirtdev NetworkManager[2365]: <warn> /sys/devices/virtual/net/vnet0: couldn't determine device driver; ignoring...
> 
> [root at ovirtdev images]# brctl show
> bridge name     bridge id               STP enabled     interfaces
> ovirtmgmt               8000.000c290a2351       no              eth0
>                                                                                        vnet0
> what is the reason? does it matter with libvirt?
>  
> thanks
> 
> 
> 
> At 2013-05-25 23:41:18,"Kashyap Chamarthy" <kchamart at redhat.com> wrote:
>> On 05/25/2013 06:40 PM, yue wrote:
>>> May 25 20:50:59 ovirtdev NetworkManager[2370]: <warn> /sys/devices/virtual/net/vnet0:
>>> couldn't determine device driver; ignoring...
>>> root at ovirtdev <mailto:root at ovirtdev> images]# virsh snapshot-create-as linux snapshot1
>>> "snapshot1" --disk-only --atomic
>>> error: internal error unable to execute QEMU command 'transaction':
>>> /var/lib/libvirt/images/test.snapshot1: error while creating qcow2: Permission denied
>>
>> A few questions:
>>
>> 1/ What distribution ?
>>
>> 2/ Versions of libvirt, qemu  (some versions?
>>
>> Please note that, libvirt uses QEMU's 'transaction' command under the hood when the guest
>> is 'live'. So, if you're using an older version of QEMU, it might not have "transaction"
>> command in it.
>>
>> 3/ Are you using "virsh" independently or are you mangling libvirt commands with oVirt
>> environment ? (from your initial post, it appears it's an oVirt node).
>>
>>
>>
>> -- 
>> /kashyap
> 


-- 
/kashyap

More information about the libvir-list mailing list