Wind River Support Network

HomeDefectsOVP-919
Fixed

OVP-919 : [ovp phase2] Failed to start vm with pci-passthrough when selinux enabled

Created: Nov 26, 2013    Updated: Mar 11, 2016
Resolved Date: Dec 10, 2013
Found In Version: 5.0.1
Fix Version: 5.0.1.11
Severity: Severe
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

When disable the selinux, it will pass.

Fail log
--------
error: Failed to start domain vm1
error: unable to set security context 'system_u:object_r:svirt_image_t:s0:c569,c736' on '/sys/bus/pci/devices/0000:01:00.1/reset': Permission denied


passthrough_libvirt.xml 
----------------------------
<domain type='kvm'>
  <name>vm1</name>
  <memory>1024000</memory>
  <currentMemory>512000</currentMemory>
  <vcpu>2</vcpu>
  <cpu>
      <arch>x86_64</arch>
      <model>Nehalem</model>
      <vendor>Intel</vendor>
  </cpu>
  <os>
    <type>hvm</type>
    <boot dev='hd' />
    <kernel>/boot/guest.kernel</kernel>
    <cmdline>console=ttyS0 root=/dev/vda rw </cmdline>
  </os>
  <devices>
    <disk type='file' device='disk'>
      <source file='/boot/guest_raw.test' />
      <target dev='vda' bus='virtio'/>
    </disk>
    <serial type='file'>
      <source path='/opt/wr-test/testcases/ovp/passthrough_libvirt/passthrough_libvirt-serial.log'/>
      <target port='0'/>
    </serial>
    <console type='file'>
      <source path='/opt/wr-test/testcases/ovp/passthrough_libvirt/passthrough_libvirt-serial.log'/>
      <target type='serial' port='0'/>
    </console>
     <interface type='network'>
          <mac address='de:ef:be:92:63:ea'/>
          <source network='default'/>
          <model type='virtio'/>    
     </interface>
     <hostdev mode='subsystem' type='pci' managed='yes'>
       <source>
         <address domain='0x0000' bus='0x01' slot='0x00' function='0x1'/>
       </source>
     </hostdev>
  </devices>
</domain>


Account:  For xml, you need modifying the parameter of pci ethernet controller to match your own environment.

Workaround

Disable selinux with :  selinux=0 enforcing=0

Steps to Reproduce

1> /lpg-build/cdc/fast_prod/wrlinuxovp/wrlinux-x/wrlinux/configure --enable-board=x86-64-kvm-guest --enable-rootfs=ovp-guest --enable-addons=wr-ovp --with-layer=/folk/swang1/layer/wr-testing-1/ovp-test --with-template=feature/ovp-test --enable-parallel-pkgbuilds=16 --enable-jobs=16 --with-sstate-dir=/buildarea1/swang1/PUBLIC_SSTATES/ovp/x86-64-kvm-guest

2> /lpg-build/cdc/fast_prod/wrlinuxovp/wrlinux-x/wrlinux/configure --enable-board=intel-xeon-core --enable-rootfs=ovp-kvm --enable-addons=wr-ovp --with-layer=/folk/swang1/layer/wr-testing-1/ovp-test --with-template=feature/ovp-test --with-package=wrs-kvm-helper --enable-jobs=16 --enable-parallel-pkgbuilds=16 --with-sstate-dir=/buildarea2/swang1/PUBLIC_SSTATES/ovp/intel-xeon-core

3> Deploy host image on board, copy guest images to board named /boot/guest.kernel and /boot/guest_raw.test

4>  virsh define passthrough_libvirt.xml 

5>  virsh start vm1

Other Downloads

Live chat
Online
  • Linkedin
  • Facebook
  • Twitter
  • Youtube