View Issue Details

IDProjectCategoryView StatusLast Update
0006678CentOS-6virt-viewerpublic2014-10-19 16:07
Reportersjsam 
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionno change required 
Platformx86_64OSCentOSOS Version6.4
Product Version6.4 
Target VersionFixed in Version 
Summary0006678: Viewer Connection to the hypervisor host got refused or disconnected
DescriptionAfter I start a virtual machine(VM) in the virtual machine manager and click the "Open" button I get this error :
"Viewer Connection to the hypervisor host got refused or disconnected"

But now, if I try to view the GUI of the VM running the virt-manager command line, the I can connect to it without any problem.
Also, if I try tiger vnc viewer or vinagre now to connect to the already started virtual machine , the job is done !

Details of the my virtual machine is as follows :
--------------------------------------------------------------------------

<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made
using: virsh edit server1.example.com or other application using the
libvirt API.
-->

<domain type='kvm'>
<name>server1.example.com</name>
<uuid>ca13796e-5917-bff4-b4ca-1203f660cbb2</uuid>
<memory unit='KiB'>1048576</memory>
<currentMemory unit='KiB'>1048576</currentMemory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64' machine='CentOS'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/libexec/qemu-kvm</emulator>
<disk type='file' device='disk'>
  <driver name='qemu' type='raw' cache='none'/>
  <source file='/var/lib/libvirt/images/server1.example.com.img'/>
  <target dev='hda' bus='ide'/>
  <address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<disk type='block' device='cdrom'>
  <driver name='qemu' type='raw'/>
  <target dev='hdc' bus='ide'/>
  <readonly/>
  <address type='drive' controller='0' bus='1' target='0' unit='0'/>
</disk>
<controller type='usb' index='0'>
</controller>
<controller type='ide' index='0'>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x01'
function='0x1'/>
</controller>
<interface type='network'>
  <mac address='52:54:00:e1:ba:1e'/>
  <source network='default'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03'
  function='0x0'/>
</interface>
<serial type='pty'>
  <target port='0'/>
</serial>
<console type='pty'>
  <target type='serial' port='0'/>
</console>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='5901' autoport='no' listen='127.0.0.1'>
  <listen type='address' address='127.0.0.1'/>
</graphics>

--------------------------------------------------------------------------

The Versions of my virtualization packages are as follows :

libvirt.x86_64 0.10.2-18.el6
libvirt-client.x86_64 0.10.2-18.el6
libvirt-python.x86_64 0.10.2-18.el6
python-virtinst.noarch 0.600.0-15.el6 virt-manager.x86_64 0.9.0-18.el6
virt-viewer.x86_64 0.5.2-18.el6
virt-what.x86_64 1.11-1.2.el6

-------------------------------------------------------------------------------
 






Steps To Reproduce1. Start the virtual machine manager by either running the virt-manager command or from start menu (Application->System Tools->Virtual Machine Manager)
2. Connect to the hypervisor
3. Start a Virtual Machine.
(I verified the VM is actually running by the "virsh list" command)
4. Click the Open Button in the Virtual Machine Manager to connect to VM GUI.
Additional InformationI am doubtful to actually relate a selinux policy violation to this issue.
but what I got is given below :
_________________________________________________________________________________

SELinux is preventing /usr/libexec/qemu-kvm from write access on the file /var/lib/libvirt/images/server1.example.com.img.

***** Plugin restorecon (99.5 confidence) suggests *************************

If you want to fix the label.
/var/lib/libvirt/images/server1.example.com.img default label should be virt_image_t.
Then you can run restorecon.
Do
# /sbin/restorecon -v /var/lib/libvirt/images/server1.example.com.img

***** Plugin catchall (1.49 confidence) suggests ***************************

If you believe that qemu-kvm should be allowed write access on the server1.example.com.img file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep qemu-kvm /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp

Additional Information:
Source Context unconfined_u:system_r:svirt_t:s0:c705,c856
Target Context unconfined_u:object_r:svirt_image_t:s0:c241,c526
Target Objects /var/lib/libvirt/images/server1.example.com.img [
                              file ]
Source qemu-kvm
Source Path /usr/libexec/qemu-kvm
Port <Unknown>
Host centos.distro
Source RPM Packages qemu-kvm-0.12.1.2-2.355.0.1.el6.centos.7.x86_64
Target RPM Packages
Policy RPM selinux-policy-3.7.19-195.el6_4.12.noarch
Selinux Enabled True
Policy Type targeted
Enforcing Mode Enforcing
Host Name centos.distro
Platform Linux centos.distro 2.6.32-358.14.1.el6.x86_64 #1
                              SMP Tue Jul 16 23:51:20 UTC 2013 x86_64 x86_64
Alert Count 53
First Seen Sat 21 Sep 2013 11:40:02 AM IST
Last Seen Sat 21 Sep 2013 11:40:07 AM IST
Local ID 190de4a5-2754-4877-ab9b-3fd7451f3c6b

Raw Audit Messages
type=AVC msg=audit(1379743807.582:1484): avc: denied { write } for pid=30578 comm="qemu-kvm" path="/var/lib/libvirt/images/server1.example.com.img" dev=sda2 ino=394694 scontext=unconfined_u:system_r:svirt_t:s0:c705,c856 tcontext=unconfined_u:object_r:svirt_image_t:s0:c241,c526 tclass=file


type=SYSCALL msg=audit(1379743807.582:1484): arch=x86_64 syscall=pwrite success=no exit=EACCES a0=9 a1=7f7885a83000 a2=1000 a3=12d00000 items=0 ppid=1 pid=30578 auid=500 uid=107 gid=107 euid=107 suid=107 fsuid=107 egid=107 sgid=107 fsgid=107 tty=(none) ses=1 comm=qemu-kvm exe=/usr/libexec/qemu-kvm subj=unconfined_u:system_r:svirt_t:s0:c705,c856 key=(null)

Hash: qemu-kvm,svirt_t,svirt_image_t,file,write

audit2allow

#============= svirt_t ==============

#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.
#Contraint rule:
allow svirt_t svirt_image_t:file write;

audit2allow -R

#============= svirt_t ==============

#!!!! This avc is a constraint violation. You will need to add an attribute to either the source or target type to make it work.
#Contraint rule:
allow svirt_t svirt_image_t:file write;
_________________________________________________________________________________

A quick look at the http://libvirt.org/drvqemu.html gave some insight
and I changed the type of the image accordingly.
TagsNo tags attached.

Activities

sjsam

sjsam

2013-09-22 17:51

reporter  

CentOSbug.png (70,025 bytes)
CentOSbug.png (70,025 bytes)
sjsam

sjsam

2014-10-19 05:13

reporter   ~0021186

This issue is fixed by adding "localhost" to /etc/hosts
This case can be considered closed.
tigalch

tigalch

2014-10-19 16:07

manager   ~0021187

Marking Closed per reporters feedback

Issue History

Date Modified Username Field Change
2013-09-22 17:51 sjsam New Issue
2013-09-22 17:51 sjsam File Added: CentOSbug.png
2014-10-19 05:13 sjsam Note Added: 0021186
2014-10-19 16:07 tigalch Note Added: 0021187
2014-10-19 16:07 tigalch Status new => closed
2014-10-19 16:07 tigalch Resolution open => no change required