[CentOS] Still a kvm problem after 5.6 upgrade

Fri Apr 22 10:18:00 UTC 2011
Daniel J Walsh <dwalsh at redhat.com>

On 04/21/2011 09:47 PM, David McGuffey wrote:
> 
> On Thu, 2011-04-21 at 21:09 -0400, David McGuffey wrote:
>> On Thu, 2011-04-21 at 18:01 +0200, Kenni Lund wrote:
>>> 2011/4/21 Johnny Hughes <johnny at centos.org>:
>>>> On 04/21/2011 06:11 AM, David McGuffey wrote:
>>>>> redlibvirtError: internal error Process exited while reading console log
>>>>> output: qemu: could not open disk image /dev/hda
>>>>
>>>> You should not need to do anything in virsh to dump a file ... there
>>>> should be an xml file in /etc/libvirt/qemu/ for every VM already.
>>>
>>> The XML-files in /etc/libvirt/qemu represent libvirt defined VMs, you
>>> should never edit these files directly while the libvirtd service is
>>> running. You should either use 'virsh edit [vm_name]' or alternatively
>>> virsh dump followed by virsh define. If you edit the file directly
>>> while some manager is running (like virt-manager in CentOS), your
>>> changes will most likely conflict with, or get overwritten by,
>>> virt-manager. Nothing critical should happen, but I don't see any
>>> reason for encouraging doing it The Wrong Way(TM).
>>>
>>> Best regards
>>> Kenni
>>
>> Problem may be an SELinux problem.  Here is the alert. Notice the
>> reference to '/dev/hda' (which is the virtual machine boot disk), and
>> the SELinux context 'virt_content_t'
>>
>> I'm going to create /.autorelable and reboot to ensure the upgrade
>> properly relabeled the filesystems.
>>
>>
>> Summary:
>>
>> SELinux is preventing pam_console_app (pam_console_t) "getattr" to /dev/hda (virt_content_t).
>>
>> Detailed Description:
>>
>> SELinux denied access requested by pam_console_app. It is not expected that this
>> access is required by pam_console_app and this access may signal an intrusion
>> attempt. It is also possible that the specific version or configuration of the
>> application is causing it to require additional access.
>>
>> Allowing Access:
>>
>> Sometimes labeling problems can cause SELinux denials. You could try to restore
>> the default system file context for /dev/hda,
>>
>> restorecon -v '/dev/hda'
>>
> 
> Yep...each time I try to start the VM, sealert increments this error by
> one.
> 
> I created /.autorelable and rebooted.  SELinux relabeled everything, but
> the sealert still fires when I try to start the VM.
> 
> I did a qemu-img <path_to_vm>/vm.img and the format is declared 'raw'.
> Therefore I should not be editing the vm.xml file and changing 'raw' to
> 'qcow2'.
> 
> Problem is definitely with the SELinux labels in the 5.6 upgrade.
> 
> Dave M
> 
This is an SELinux issue.  It really has no effect on the virtual
machine.  The problem is the label is not something pam_console policy
expected to have on a blk device.
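
An added example, not part of the thread: one way to check from the audit log whether a denial like the one quoted above is against the VM process or against some other domain, by reading the source type of each AVC record. The log records are constructed for illustration, and the `VM_DOMAINS` set and the function names are assumptions, not values taken from the posters' system.

```python
import re

# Constructed audit.log records (not from the thread). The first mirrors the
# alert quoted above; the second is a contrasting denial against a VM process.
SAMPLE_LOG = """\
type=AVC msg=audit(1303434420.123:101): avc:  denied  { getattr } for  pid=4321 comm="pam_console_app" path="/dev/hda" dev=tmpfs ino=1234 scontext=system_u:system_r:pam_console_t:s0 tcontext=system_u:object_r:virt_content_t:s0 tclass=blk_file
type=AVC msg=audit(1303434425.456:102): avc:  denied  { read write } for  pid=4400 comm="qemu-kvm" name="vm.img" dev=dm-0 ino=5678 scontext=system_u:system_r:qemu_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file
type=SYSCALL msg=audit(1303434425.456:102): arch=c000003e syscall=2 success=no exit=-13
"""

# Assumption: the domains the hypervisor process runs in on this host.
VM_DOMAINS = {"qemu_t", "svirt_t"}

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)$')

def parse_avc(line):
    """Return a dict describing one AVC denial, or None for other records."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(re.findall(r'(\w+)=("[^"]*"|\S+)', m.group("rest")))
    fields = {k: v.strip('"') for k, v in fields.items()}
    return {
        "perms": m.group("perms").split(),
        "comm": fields.get("comm"),
        "object": fields.get("path") or fields.get("name"),
        # An SELinux context is user:role:type:level; index 2 is the type.
        "source_type": fields["scontext"].split(":")[2],
        "target_type": fields["tcontext"].split(":")[2],
        "tclass": fields.get("tclass"),
    }

def triage(log_text, vm_domains=VM_DOMAINS):
    """Pair each denial with True when the denied process is a VM domain."""
    denials = [d for d in map(parse_avc, log_text.splitlines()) if d]
    return [(d, d["source_type"] in vm_domains) for d in denials]

if __name__ == "__main__":
    for d, hits_vm in triage(SAMPLE_LOG):
        verdict = "denied process is the VM" if hits_vm else "denied process is not the VM"
        print("%s (%s) denied %s on %s [%s]: %s" % (
            d["comm"], d["source_type"], ",".join(d["perms"]),
            d["object"], d["target_type"], verdict))
```
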