On 09/22/2013 12:46 AM, yue wrote:
when 'virsh start testname-1' failed, but i can start it
throught commandline which is copy from libvirtd.log.
When you run qemu from the shell, you are running it as root. When
libvirt runs qemu, it is running it as the user/group that is given
in /etc/libvirt/qemu.conf. Generally that user/group is *not* root,
but some other account that has drastically reduced privileges.
selinux is disabled now.
libvirtError: internal error Process exited while reading
console log output: char device redirected to /dev/pts/3
could not open disk image
Operation not permitted
If selinux is disabled, then this failure has no relation to
type=VIRT_CONTROL msg=audit(1379810795.213:41569): user
pid=1637 uid=0 auid=4294967295 ses=4294967295
op=start reason=booted vm="testname-1"
exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=?
This is not an selinux AVC message, it is just a very general
libvirt-generated audit message saying "you tried to start
'testname-1' and it failed".
You should verify that every component of the path to the image file
has at least r and x permissions for the user/group that is set in
/var/log/libvirt/qemu.conf. Also, note that if your images are on a
root-squashing NFS server (very common with RHEV), you will need to
set dynamic_ownership=0 in qemu.conf.