81 Replies
man 😭
all the first 3 are you.
yes
😂
the curse continues
this is most likely a libvirt workaround not getting run
lets just see if the flatpak works for you now that its getting built
I wonder if I need the kvmfr module or smth?
there were a lot of options in the ujust setup-virtualization command
I already added myself to the libvirt group too, so I would've thought the permissions would work fine
nope
maybe its the libvirtd group?
everything else should not be necessary
oh damn
nathaniel wheel libvirt
i am pretty sure its selinux being amazing as always
ok, so selinux didn't work, the exact same error is still there 😭
make sure the location exist to begin with?
sudo ls /var/log/libvirt/
we had the swtpm location not exist so wouldnt surprise me this is a new packaging thing we need to manually fix once again in the ujust
it does yeah. The log doesn't, but I assume that the permission denied is due to not being able to write
it is write protected though
location owned by root
yep
thats actually more restrictive than mine tho
virtlogd runs fine for me though
try
systemctl status virtlogd
journalctl -t virtlogd
only thing i can think of is just sudo restorecon -r /var/log/libvirt
-- No entries --
OH that made it progress further actually
new error:
now it doesn't like that my iso is in my downloads folder
but putting it in /tmp didn't work either
its weird too, because virt-manager had the permissions required to modify the owner of the file, but for some reason can't read it??
it doesn't appear to be an selinux thing. I set selinux to be permissive and tried again, and it still didn't work. I'm at a complete loss here, this is pretty far out of my current depth 😅
because its still selinux
probably needs this rule
iirc this should let you give it access to any random file that is unlabeled
idk how to apply this actually. I've never messed with selinux
make it into a file named my-libvirt.te
then just do what we did for kvmfr
just change it to match
first line converts the .te to a .mod
2nd one packages the .mod as a .pp
then last one installs the selinux module policy
Did we do something with kvmfr?
I don't think I did
the lines are yanked out from the ujust if you read them since i said "do what we did for kvmfr"
i was busy making sure my food didnt start a fire in the kitchen
I never did the kvmfr module. Do I need to?
Lmao how dare 😂
then read my message
i gave you the policy i have for libvirt
Right so do I need to do the "enable kvmfr module" in the ujust command? Because I haven't done that yet if I need to
save it as .te
do what our kvmfr does for its policy but just you know, edit the path to match for your .te file
please read what i am saying
I'm trying
save as whatever.te
Aight I'll go back and do the thing then. Sounds like I don't need the ujust bit
then do whats done here but change it so instead of kvmfr its whatever you named your file but keep the extensions, change the path to wherever the file is
ok, so I don't have an selinux_te directory in my ~/.config
do the directory locations matter or am I just converting files and applying at the end?
change the path to wherever the .te file you made is
and change the other paths to match too
as each will make a new file
last one will use the final file and apply the policy to selinux
ok cool I think I'm following
gimme sec
good because i have now repeated myself 3 times 😂
and if you want to keep the files organized just make the selinux_te folder and stuff and put it all there
ok, I think I applied it. How would I check?
restart virt manager and try?
no dice
try
sudo selinux -R
and try again
if that doesnt work then we will go more nuclear
sorry
semodule
its late here
haha no worries
time for nuclear ig
lmao
same error
ok
sudo semodule -r my-libvirt; rm my-libvirt.*
then
sudo grep libvirt /var/log/audit/audit.log | audit2allow -M my-libvirt
whatever libvirt is complaining about it will be given access
yep
do as it says
oh wait hangon
oh ok
I didn't do this bit
sudo rm my-libvirt.*
if it made the pp file then its fine to not have run it
uhh
check your spelling 😂
ok cool, I applied it
try again I assume?
at least i will go to bed in high spirits at this point haha
yup and if this doesnt work try a reboot
glad I could raise them hahaha
since we should have gone full "libvirt do whatever you were denied"
ok no dice, time for a reboot. brb
same error after reboot
could also be that you need to move your isos to be in a system location not in home
I tried tmp, and it didn't like that. Maybe opt?
oh it defaults to wanting /var/lib/libvirt/images
I could try that too
because only difference now is that mine are in /mnt/Orico/ISO
with owner qemu:qemu
with permissions 777 so i can still easily add isos to it
HELLS YEAH
Solution
/var/lib/libvirt/images worked
oh my god LOL
all that and it was just the damn location lmaooooo
i am pretty sure it doesnt like grabbing isos from peoples home folders
because thats a giant permission mess
fascinating
is it a giant permission mess specifically because atomic, or is that just typically how it goes even on "normal" distros?
well imagine you are specifically allowed to use the bar at a club, but the guard does not let you in because youre not allowed to, even though you are explicitly given permission to access the bar
same thing
libvirt does not have access to your home folder
ahhhh
I assumed the stuff was running under my user, but it's not is it?
libvirt runs under qemu and libvirt
ahhhh, there we go! 😄
essentially pseudo root, but with restrictions to specific locations
makes sense to me! thanks so much!!
wild ride 😂
oh btw @HikariKnight is there anything I need to undo to put it back to what it was before (assuming that possibly the things we did aren't necessary)?
or do you think that the selinux stuff was still likely necessary?
you can keep the pp file and just remove the rule
sudo semodule -r my-libvirt
if you get issues just reapply it
thanks a ton!!