Dear All,
since upgrading from 6.5 to 6.6 I get the following error message when trying to start a VM in virt-manager:
Error starting domain: unsupported configuration: Domain requires KVM, but it is not available. Check that virtualization is enabled in the host BIOS, and host configuration is setup to load the kvm modules.
Qemu-kvm package is installed, kvm module is loaded and virtualization is activated in BIOS.
Does anyone happen to know what the issue is?
On 10/31/2014 07:00 AM, Chris wrote:
Does anyone happen to know what the issue is?
[root@cd chris]# modprobe kvm_intel
FATAL: Error inserting kvm_intel (/lib/modules/2.6.32-504.el6.x86_64/kernel/arch/x86/kvm/kvm-intel.ko): Operation not supported
It was no problem in 6.5 ...
On 10/31/2014 07:10 AM, Chris wrote:
[root@cd chris]# modprobe kvm_intel
FATAL: Error inserting kvm_intel (/lib/modules/2.6.32-504.el6.x86_64/kernel/arch/x86/kvm/kvm-intel.ko): Operation not supported
It's not working with the 2.6.32-431.29.2.el6.x86_64 kernel either.
On 10/31/2014 08:09 AM, Chris wrote:
[root@cd chris]# modprobe kvm_intel
FATAL: Error inserting kvm_intel (/lib/modules/2.6.32-504.el6.x86_64/kernel/arch/x86/kvm/kvm-intel.ko): Operation not supported
It's not working with the 2.6.32-431.29.2.el6.x86_64 kernel either.
Okay, /var/log/messages says
Oct 31 08:10:07 cd kernel: kvm: disabled by bios
Virtualization is enabled in BIOS and I've no further options in the BIOS concerning virtualization ...
On 31/10/14 07:21, Chris wrote:
On 10/31/2014 08:12 AM, Chris wrote:
Virtualization is enabled in BIOS and I've no further options in the BIOS concerning virtualization ...
SELinux was permissive. It has to be disabled.
Can you post the relevant selinux audit.log entries that were preventing kvm's ko from being loaded?
On 10/31/2014 10:47 AM, Karanbir Singh wrote:
Can you post the relevant selinux audit.log entries that were preventing kvm's ko from being loaded?
Sure.
type=VIRT_CONTROL msg=audit(1414739214.851:62): user pid=2911 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm=" tor2" uuid=xxx vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed'
On 10/31/2014 06:06 AM, Chris wrote:
On 10/31/2014 10:47 AM, Karanbir Singh wrote:
Can you post the relevant selinux audit.log entries that were preventing kvm's ko from being loaded?
Sure.
type=VIRT_CONTROL msg=audit(1414739214.851:62): user pid=2911 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm=" tor2" uuid=xxx vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed'
Those are not avc's; they are standard audit logs and have nothing to do with SELinux.
On Fri, Oct 31, 2014 at 08:21:37AM +0100, Chris wrote:
On 10/31/2014 08:12 AM, Chris wrote:
Virtualization is enabled in BIOS and I've no further options in the BIOS concerning virtualization ...
SELinux was permissive. It has to be disabled.
SELinux should not be preventing you from loading the kvm_intel module. Something is wrong somewhere else. Is there an AVC entry in the audit logs for when you try to load the module?
On 10/31/2014 08:12 PM, Jonathan Billings wrote:
SELinux should not be preventing you from loading the kvm_intel module. Something is wrong somewhere else. Is there an AVC entry in the audit logs for when you try to load the module?
There are many:
messages:Oct 30 15:54:47 cd dbus: avc: received policyload notice (seqno=2)
messages:Oct 30 15:54:47 cd dbus: avc: received policyload notice (seqno=2)
messages:Oct 31 06:45:57 cd kernel: type=1400 audit(1414734345.936:3): avc: denied { write } for pid=1529 comm="prelink" name="/" dev=tmpfs ino=5771 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 06:45:57 cd kernel: type=1400 audit(1414734345.936:4): avc: denied { add_name } for pid=1529 comm="prelink" name="#prelink#.508OFB" scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 06:45:57 cd kernel: type=1400 audit(1414734345.937:5): avc: denied { create } for pid=1529 comm="prelink" name="#prelink#.508OFB" scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 06:45:57 cd kernel: type=1400 audit(1414734345.937:6): avc: denied { open } for pid=1529 comm="prelink" name="#prelink#.508OFB" dev=tmpfs ino=12231 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 06:45:57 cd kernel: type=1400 audit(1414734345.938:7): avc: denied { setattr } for pid=1530 comm="prelink" name="#prelink#.hDVBGB" dev=tmpfs ino=12232 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 06:45:57 cd kernel: type=1400 audit(1414734345.939:9): avc: denied { relabelfrom } for pid=1529 comm="prelink" name="#prelink#.508OFB" dev=tmpfs ino=12231 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 06:52:06 cd kernel: type=1400 audit(1414734715.889:3): avc: denied { write } for pid=1530 comm="prelink" name="/" dev=tmpfs ino=5771 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 06:52:06 cd kernel: type=1400 audit(1414734715.889:4): avc: denied { add_name } for pid=1530 comm="prelink" name="#prelink#.jepEMr" scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 06:52:06 cd kernel: type=1400 audit(1414734715.889:5): avc: denied { create } for pid=1530 comm="prelink" name="#prelink#.jepEMr" scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 06:52:06 cd kernel: type=1400 audit(1414734715.889:6): avc: denied { open } for pid=1530 comm="prelink" name="#prelink#.jepEMr" dev=tmpfs ino=12240 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 06:52:06 cd kernel: type=1400 audit(1414734715.889:7): avc: denied { write } for pid=1529 comm="prelink" name="/" dev=tmpfs ino=5771 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 06:52:06 cd kernel: type=1400 audit(1414734715.891:8): avc: denied { setattr } for pid=1529 comm="prelink" name="#prelink#.SI8xMr" dev=tmpfs ino=12241 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 06:52:06 cd kernel: type=1400 audit(1414734715.893:9): avc: denied { relabelfrom } for pid=1530 comm="prelink" name="#prelink#.jepEMr" dev=tmpfs ino=12240 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 06:52:06 cd kernel: type=1400 audit(1414734715.896:10): avc: denied { remove_name } for pid=1530 comm="prelink" name="#prelink#.jepEMr" dev=tmpfs ino=12240 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 08:03:36 cd kernel: type=1400 audit(1414739004.471:3): avc: denied { write } for pid=1536 comm="prelink" name="/" dev=tmpfs ino=5693 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 08:03:36 cd kernel: type=1400 audit(1414739004.471:4): avc: denied { add_name } for pid=1536 comm="prelink" name="#prelink#.eckYE7" scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 08:03:36 cd kernel: type=1400 audit(1414739004.471:5): avc: denied { create } for pid=1536 comm="prelink" name="#prelink#.eckYE7" scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 08:03:36 cd kernel: type=1400 audit(1414739004.471:6): avc: denied { open } for pid=1536 comm="prelink" name="#prelink#.eckYE7" dev=tmpfs ino=12208 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 08:03:36 cd kernel: type=1400 audit(1414739004.473:7): avc: denied { setattr } for pid=1536 comm="prelink" name="#prelink#.eckYE7" dev=tmpfs ino=12208 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 08:03:36 cd kernel: type=1400 audit(1414739004.474:8): avc: denied { relabelfrom } for pid=1535 comm="prelink" name="#prelink#.C5DoF7" dev=tmpfs ino=12209 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 08:03:36 cd kernel: type=1400 audit(1414739004.474:9): avc: denied { relabelfrom } for pid=1536 comm="prelink" name="#prelink#.eckYE7" dev=tmpfs ino=12208 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 08:03:36 cd kernel: type=1400 audit(1414739004.479:10): avc: denied { remove_name } for pid=1536 comm="prelink" name="#prelink#.eckYE7" dev=tmpfs ino=12208 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 08:16:22 cd kernel: type=1400 audit(1414739770.962:3): avc: denied { write } for pid=1554 comm="prelink" name="/" dev=tmpfs ino=5771 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 08:16:22 cd kernel: type=1400 audit(1414739770.962:4): avc: denied { add_name } for pid=1554 comm="prelink" name="#prelink#.rIXw8c" scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir
messages:Oct 31 08:16:22 cd kernel: type=1400 audit(1414739770.963:5): avc: denied { create } for pid=1554 comm="prelink" name="#prelink#.rIXw8c" scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 08:16:22 cd kernel: type=1400 audit(1414739770.963:6): avc: denied { open } for pid=1554 comm="prelink" name="#prelink#.rIXw8c" dev=tmpfs ino=12241 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 08:16:22 cd kernel: type=1400 audit(1414739770.964:7): avc: denied { setattr } for pid=1555 comm="prelink" name="#prelink#.BFWz8c" dev=tmpfs ino=12242 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 08:16:22 cd kernel: type=1400 audit(1414739770.965:8): avc: denied { relabelfrom } for pid=1554 comm="prelink" name="#prelink#.rIXw8c" dev=tmpfs ino=12241 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
messages:Oct 31 08:16:22 cd kernel: type=1400 audit(1414739770.970:10): avc: denied { remove_name } for pid=1554 comm="prelink" name="#prelink#.rIXw8c" dev=tmpfs ino=12241 scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 tcontext=system_u:object_r:tmpfs_t:s0 tclass=file
On 11/01/2014 12:12 AM, Chris wrote:
On 10/31/2014 08:12 PM, Jonathan Billings wrote:
Is there an AVC entry in the audit logs for when you try to load the module?
I cannot say for sure if those entries were created when starting the vm or when rebooting the physical host.
These avc's have nothing to do with virtualization; they are about prelink and would have no effect on whether or not you can run VMs.
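
The distinction the replies draw (AVC denials versus other audit records, and which process a denial belongs to) can be checked mechanically. The following is an added example, not part of the original thread; the sample records are taken from the thread's logs (grep prefix dropped, the VIRT_CONTROL record shortened), and the `loaders` list of module-loading command names is an assumption.

```python
import re
from collections import Counter

AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Records from the thread (VIRT_CONTROL shortened, "messages:" prefix dropped).
SAMPLE = [
    "type=VIRT_CONTROL msg=audit(1414739214.851:62): user pid=2911 uid=0 "
    "subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 "
    "msg='virt=kvm op=start reason=booted res=failed'",
    'Oct 31 08:16:22 cd kernel: type=1400 audit(1414739770.962:3): avc: denied '
    '{ write } for pid=1554 comm="prelink" name="/" dev=tmpfs ino=5771 '
    'scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir',
    'Oct 31 08:16:22 cd kernel: type=1400 audit(1414739770.963:5): avc: denied '
    '{ create } for pid=1554 comm="prelink" name="#prelink#.rIXw8c" '
    'scontext=system_u:system_r:prelink_mask_t:s0-s0:c0.c1023 '
    'tcontext=system_u:object_r:tmpfs_t:s0 tclass=file',
    "Oct 31 08:10:07 cd kernel: kvm: disabled by bios",
]


def parse_avc(line):
    """Return the fields of an AVC denial, or None for any other record."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    # The SELinux type is the third colon-separated part of a context.
    ctx = rec.get("scontext", "").split(":")
    rec["source_type"] = ctx[2] if len(ctx) > 2 else None
    return rec


def triage(lines, loaders=("modprobe", "insmod")):
    """Count denials per (comm, source type) and pick out those raised by a
    module loader. `loaders` is an assumed list, not taken from the thread."""
    denials = [r for r in map(parse_avc, lines) if r is not None]
    by_source = Counter((r.get("comm"), r["source_type"]) for r in denials)
    from_loader = [r for r in denials if r.get("comm") in loaders]
    return {"other_records": len(lines) - len(denials),
            "by_source": dict(by_source), "from_loader": from_loader}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

On these records every denial comes from `prelink` in the `prelink_mask_t` domain and none from a module loader, while the VIRT_CONTROL and `kvm: disabled by bios` lines are counted as non-AVC records.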