On Thu, 2011-04-21 at 18:01 +0200, Kenni Lund wrote:
2011/4/21 Johnny Hughes johnny@centos.org:
On 04/21/2011 06:11 AM, David McGuffey wrote:
redlibvirtError: internal error Process exited while reading console log output: qemu: could not open disk image /dev/hda
You should not need to do anything in virsh to dump a file ... there should be an xml file in /etc/libvirt/qemu/ for every VM already.
The XML-files in /etc/libvirt/qemu represent libvirt defined VMs, you should never edit these files directly while the libvirtd service is running. You should either use 'virsh edit [vm_name]' or alternatively virsh dump followed by virsh define. If you edit the file directly while some manager is running (like virt-manager in CentOS), your changes will most likely conflict with, or get overwritten by, virt-manager. Nothing critical should happen, but I don't see any reason for encouraging doing it The Wrong Way(TM).
Best regards Kenni
Problem may be an SELinux problem. Here is the alert. Notice the reference to '/dev/hda' (which is the virtual machine boot disk), and the SELinux context 'virt_content_t'.
I'm going to create /.autorelabel and reboot to ensure the upgrade properly relabeled the filesystems.
Summary:
SELinux is preventing pam_console_app (pam_console_t) "getattr" to /dev/hda (virt_content_t).
Detailed Description:
SELinux denied access requested by pam_console_app. It is not expected that this access is required by pam_console_app and this access may signal an intrusion attempt. It is also possible that the specific version or configuration of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to restore the default system file context for /dev/hda,
restorecon -v '/dev/hda'
If this does not work, there is currently no automatic way to allow this access. Instead, you can generate a local policy module to allow this access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385) Or you can disable SELinux protection altogether. Disabling SELinux protection is not recommended. Please file a bug report (http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context                system_u:system_r:pam_console_t:SystemLow-SystemHigh
Target Context                system_u:object_r:virt_content_t
Target Objects                /dev/hda [ blk_file ]
Source                        pam_console_app
Source Path                   /sbin/pam_console_apply
Port                          <Unknown>
Host                          desk@mydomain.net
Source RPM Packages           pam-0.99.6.2-6.el5_5.2
Target RPM Packages
Policy RPM                    selinux-policy-2.4.6-300.el5
Selinux Enabled               True
Policy Type                   targeted
MLS Enabled                   True
Enforcing Mode                Enforcing
Plugin Name                   catchall_file
Host Name                     desk@mydomain.net
Platform                      Linux desk@mydomain.net 2.6.18-238.9.1.el5 #1 SMP Tue Apr 12 18:10:13 EDT 2011 x86_64 x86_64
Alert Count                   48
First Seen                    Wed 13 Apr 2011 08:41:32 AM EDT
Last Seen                     Thu 21 Apr 2011 07:05:23 AM EDT
Local ID                      9ee6c9a9-3eda-4082-84d3-5741ea9ff688
Line Numbers
Raw Audit Messages
host= desk@mydomain.net type=AVC msg=audit(1303383923.130:356): avc: denied { getattr } for pid=15025 comm="pam_console_app" path="/dev/hda" dev=tmpfs ino=6206 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_content_t:s0 tclass=blk_file
host= desk@mydomain.net type=SYSCALL msg=audit(1303383923.130:356): arch=c000003e syscall=4 success=no exit=-13 a0=7fff2014b170 a1=7fff2014b1a0 a2=7fff2014b1a0 a3=18cba490 items=0 ppid=15014 pid=15025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pam_console_app" exe="/sbin/pam_console_apply" subj=system_u:system_r:pam_console_t:s0-s0:c0.c1023 key=(null)
Dave M
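
To read the raw audit messages in the alert above, this added example (not part of the original thread) groups the AVC and SYSCALL records by their shared audit event ID and extracts the fields that identify the denial. The function names are hypothetical; the sample input is the two records quoted in the message.

```python
import errno
import re
from collections import defaultdict

# The two raw audit records from the alert above, copied as quoted.
SAMPLE = '''\
host= desk@mydomain.net type=AVC msg=audit(1303383923.130:356): avc: denied { getattr } for pid=15025 comm="pam_console_app" path="/dev/hda" dev=tmpfs ino=6206 scontext=system_u:system_r:pam_console_t:s0-s0:c0.c1023 tcontext=system_u:object_r:virt_content_t:s0 tclass=blk_file
host= desk@mydomain.net type=SYSCALL msg=audit(1303383923.130:356): arch=c000003e syscall=4 success=no exit=-13 a0=7fff2014b170 a1=7fff2014b1a0 a2=7fff2014b1a0 a3=18cba490 items=0 ppid=15014 pid=15025 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="pam_console_app" exe="/sbin/pam_console_apply" subj=system_u:system_r:pam_console_t:s0-s0:c0.c1023 key=(null)
'''

HEADER = re.compile(r'type=(\w+) msg=audit\((\d+\.\d+):(\d+)\):\s*(.*)')
PERMS = re.compile(r'avc:\s+(denied|granted)\s+\{([^}]*)\}')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_records(text):
    """Group audit records by event (timestamp, serial) and merge their key=value fields."""
    events = defaultdict(dict)
    for line in text.splitlines():
        m = HEADER.search(line)
        if not m:
            continue  # not an audit record
        rtype, stamp, serial, body = m.groups()
        ev = events[(stamp, serial)]
        if rtype == 'AVC':
            p = PERMS.search(body)
            if p:
                ev['result'] = p.group(1)
                ev['perms'] = p.group(2).split()
        ev.update({k: v.strip('"') for k, v in FIELD.findall(body)})
    return events

def summarize(ev):
    """Reduce one merged event to the fields needed to judge a denial."""
    # A context is user:role:type[:level]; the type is the third field.
    code = -int(ev['exit']) if 'exit' in ev else None
    return {
        'source_type': ev['scontext'].split(':')[2],
        'target_type': ev['tcontext'].split(':')[2],
        'tclass': ev['tclass'],
        'perms': ev.get('perms', []),
        'path': ev.get('path'),
        'exe': ev.get('exe'),
        'errno': errno.errorcode.get(code),  # syscall's negative exit as a name
    }

if __name__ == '__main__':
    for key, ev in parse_records(SAMPLE).items():
        print(key, summarize(ev))
```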