Virtual Machine Manager permissions
I'm trying to create a Windows VM. I want to assign a folder in /var/mnt/y to this VM. It's giving me an error saying permission denied. I tried chmod -R 775 /var/mnt/y
22 Replies
selinux blocks it from having access there
iirc you can do something like this
sudo grep libvirt /var/log/audit/audit.log | audit2allow -M my-libvirt
sudo semodule -i my-libvirt.pp
libsemanage.semanage_create_store: Could not read from module store, active modules subdirectory at /etc/selinux/targeted/active/modules. (Permission denied).
libsemanage.semanage_direct_connect: could not establish direct connection (Permission denied).
semodule: Could not connect to policy handler
you need to restart libvirt
i think
Error creating pool: Could not build storage pool: cannot create path '/run/user/1000/doc/66e7d8f5': Permission denied
Traceback (most recent call last):
File "/app/share/virt-manager/virtManager/asyncjob.py", line 71, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/app/share/virt-manager/virtManager/createpool.py", line 343, in _async_pool_create
poolobj = pool.install(create=True, meter=meter, build=build)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/share/virt-manager/virtinst/storage.py", line 418, in install
raise RuntimeError(errmsg)
RuntimeError: Could not build storage pool: cannot create path '/run/user/1000/doc/66e7d8f5': Permission denied
make the mount permanent
is that the same as auto mounting
yes
it already auto mounts
I followed bazzite docs for it and used kde partition manager
'/run/user/1000/doc/66e7d8f5': Permission denied
Using the browse file changed the directory into that
manually entering the path worked
thank you for pointing that out
np 🙂
flatpak "translates" it to that run directory
Unable to complete install: 'internal error: Could not run '/usr/bin/swtpm_setup'. exitstatus: 1; Check error log '/var/log/swtpm/libvirt/qemu/win11-swtpm.log' for details.'
Traceback (most recent call last):
File "/app/share/virt-manager/virtManager/asyncjob.py", line 71, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/app/share/virt-manager/virtManager/createvm.py", line 2008, in _do_async_install
installer.start_install(guest, meter=meter)
File "/app/share/virt-manager/virtinst/install/installer.py", line 726, in start_install
domain = self._create_guest(
^^^^^^^^^^^^^^^^^^^
File "/app/share/virt-manager/virtinst/install/installer.py", line 667, in _create_guest
domain = self.conn.createXML(initial_xml or final_xml, 0)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/app/lib/python3.12/site-packages/libvirt.py", line 4545, in createXML
raise libvirtError('virDomainCreateXML() failed')
libvirt.libvirtError: internal error: Could not run '/usr/bin/swtpm_setup'. exitstatus: 1; Check error log '/var/log/swtpm/libvirt/qemu/win11-swtpm.log' for details.
how did you setup virtualization
are you up to date?
newest stable literally fixes this issue
and if youre also going to load ISOS from your home directory
then restart libvirt
sudo mkdir /var/lib/swtpm-localca
sudo chown tss /var/lib/swtpm-localca
sudo setfacl -m u:qemu:rx $HOME
file already exists
I should be up to date, I did ujust update
and I set it up with ujust setup-virtualization
did you update and reboot before you setup virtualization?
updated again just now and rebooting
its the same still
then show the content of
/var/log/swtpm/libvirt/qemu/win11-swtpm.log
its empty 🤔
searched the support threads here
is supposed to fix it
sudo mkdir /var/lib/swtpm-localca
sudo chown tss /var/lib/swtpm-localca
Starting vTPM manufacturing as tss:tss @ Wed 29 Jan 2025 02:33:39 PM EST
Successfully created RSA 2048 EK with handle 0x81010001.
Invoking /usr/bin/swtpm_localca --type ek --ek c56ec3fb4a075f885f37fd0879836aaa50bb092362bb7704cbe75e47dbca8dee151f88d3e6e5463db461672ae1561a860ee46d36475b91039d266aa565788d89b7dcc7a2e40665e4e2f5f3f055c354fd8c2d2d0eafe9a9987f29fff3425dc89517c2db10c720fc765cdd213356c470aedc120977b1a7b5422e620dfe222a423f75af09e7b9aadb422a4329224048e637e9cbc89acfc2eceb53e2f1ba6f5bd876dcbbdbcaa47c489ce45de4fd943d4743e805bc805ec7783f2755b81434f495656c33eca7e5d0edab78f1297b9fa7db73fc1fa1b201ebe0397f417698d3578515e29ea8c7784f03e8d5d3e2b9390ead33533156993d881160e24e850e23109f1
9 --dir /tmp/swtpm_setup.certs.3GGU02 --logfile /var/log/swtpm/libvirt/qemu/win11-swtpm.log --vmid win11:97762286-6867-4cba-9508-a5b9dfd79d20 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Creating root CA and a local CA's signing key and issuer cert.
Successfully created EK certificate locally.
Invoking /usr/bin/swtpm_localca --type platform --ek c56ec3fb4a075f885f37fd0879836aaa50bb092362bb7704cbe75e47dbca8dee151f88d3e6e5463db461672ae1561a860ee46d36475b91039d266aa565788d89b7dcc7a2e40665e4e2f5f3f055c354fd8c2d2d0eafe9a9987f29fff3425dc89517c2db10c720fc765cdd213356c470aedc120977b1a7b5422e620dfe222a423f75af09e7b9aadb422a4329224048e637e9cbc89acfc2eceb53e2f1ba6f5bd876dcbbdbcaa47c489ce45de4fd943d4743e805bc805ec7783f2755b81434f495656c33eca7e5d0edab78f1297b9fa7db73fc1fa1b201ebe0397f417698d3578515e29ea8c7784f03e8d5d3e2b9390ead33533156993d881160e24e850e23109f19 --dir /tmp/swtpm_setup.certs.3GGU02 --logfile /var/log/swtpm/libvirt/qemu/win11-swtpm.log --vmid win11:97762286-6867-4cba-9508-a5b9dfd79d20 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created platform certificate locally.
Successfully created NVRAM area 0x1c00002 for RSA 2048 EK certificate.
Successfully created NVRAM area 0x1c08000 for platform certificate.
Successfully created ECC EK with handle 0x81010016.
Invoking /usr/bin/swtpm_localca --type ek --ek x=36c1357d974fab9d75b07a77d8ac4aa39f9c9b14a72fa6cee9ce1f9a48068312d366cd1014e31d22494a904b5aec1e17,y=d5d111bfbefc402e30b3705873f12fb733df67f2e1fb152b384e46b1e221e6a112c611b5617c8e3fe9b64e2420a12f0f,id=secp384r1 --dir /tmp/swtpm_setup.certs.3GGU02 --logfile
/var/log/swtpm/libvirt/qemu/win11-swtpm.log --vmid win11:97762286-6867-4cba-9508-a5b9dfd79d20 --tpm-spec-family 2.0 --tpm-spec-level 0 --tpm-spec-revision 164 --tpm-manufacturer id:00001014 --tpm-model swtpm --tpm-version id:20191023 --tpm2 --configfile /etc/swtpm-localca.conf --optsfile /etc/swtpm-localca.options
Successfully created EK certificate locally.
Successfully created NVRAM area 0x1c00016 for ECC EK certificate.
Successfully activated PCR banks sha256 among sha1,sha256,sha384,sha512.
Successfully authored TPM state.
Ending vTPM manufacturing @ Wed 29 Jan 2025 02:33:40 PM EST
swtpm at /usr/bin/swtpm does not support TPM 2
swtpm at /usr/bin/swtpm does not support TPM 2
swtpm at /usr/bin/swtpm does not support TPM 2
swtpm at /usr/bin/swtpm does not support TPM 2
swtpm at /usr/bin/swtpm does not support TPM 2
swtpm at /usr/bin/swtpm does not support TPM 2
swtpm at /usr/bin/swtpm does not support TPM 2
yep it was missing the directory
now I gotta figure out why it says no boot device found