Essential Guide

Essential guide to Linux in the enterprise


Issues with SELinux preventing virtual machine from accessing files

Here's how to solve the problems when trying to access files via a virtual machine in SELinux.

I'm running Fedora 17 with KVM and the virtual machine runs okay. I tried to follow this to get access to a file on the host system but SELinux prevents the VM from accessing any files other than those in /var/lib/libvirt/images. This is the message the host gives when running ls inside the VM on the shared path: "SELinux is preventing /usr/bin/qemu-kvm from read access on the directory share."

How can I get around this? The purpose of my VM is to test binaries on multiple Linux distributions, so a shared path would be easiest. Is there a way to make /tmp/share absolutely accessible to everyone?

The reason you cannot share virtual machines in a path other than /var/lib/libvirt/images is SELinux. SELinux adds additional protection to your system. By using labels on directories, it sets directories for a specific purpose only. The elegant way to store image files somewhere else is by setting the appropriate context type label on that directory. In your case, run the following two commands (make sure to execute them from a root shell):

semanage fcontext -a -t virt_image_t "/tmp/share(/.*)?"

restorecon -R -v /tmp/share

If that doesn't work, you can also disable SELinux completely. To do this, make sure the following line is included in the file /etc/sysconfig/selinux:

SELINUX=disabled

Until you have time to reboot your computer, you can also use setenforce 0 to temporarily disable SELinux, but don't forget to change the above configuration file, or else it will automatically be enabled again when you're rebooting.

Next, you say you want to make the content of /tmp/share accessible to everyone. The easiest way is by creating an NFS share. Make sure the file /etc/exports contains the following line:

/tmp/share     *(rw,no_root_squash)

Next, use the command service nfs start to start the NFS server. From any other computer, you can now mount the NFS share, using a command like the following:

mount -t nfs your.fedora.computer:/tmp/share /mnt

You'll now have access to the contents of the NFS share by accessing the /mnt directory, and you can access the image files from there.

About the author:

Sander van Vugt is an independent trainer and consultant based in the Netherlands. He is an expert in Linux high availability, virtualization and performance. He has authored many books on Linux topics, including Beginning the Linux Command Line, Beginning Ubuntu LTS Server Administration and Pro Ubuntu Server Administration.

mail@sandervanvugt.nl

This was first published in April 2013
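
The file-context pattern used with semanage in the answer above decides which paths restorecon will relabel, so it is worth checking what it covers before applying it. The script below is an added example, not part of the original answer; the function names and sample paths are constructed for illustration, and grep -E is used as an approximation of how SELinux anchors these patterns at both ends.

```shell
#!/bin/sh
# Added example (not from the original answer). SELinux file-context specs are
# regular expressions anchored at both ends; grep -E approximates that here.

# spec_matches SPEC PATH: succeeds if PATH would be covered by SPEC.
spec_matches() {
    printf '%s\n' "$2" | grep -Eq "^$1\$"
}

# covered_paths SPEC: read paths on stdin, print those the spec covers.
covered_paths() {
    while IFS= read -r path; do
        if spec_matches "$1" "$path"; then
            printf '%s\n' "$path"
        fi
    done
    return 0
}

# label_check PATH: on an SELinux host, compare the type the policy assigns
# to PATH with the type currently on disk. Returns 2 if tools are missing.
label_check() {
    command -v matchpathcon >/dev/null 2>&1 || return 2
    want=$(matchpathcon -n "$1" | cut -d: -f3)
    have=$(stat -c %C "$1" 2>/dev/null | cut -d: -f3)
    [ -n "$want" ] && [ "$want" = "$have" ]
}

# Constructed sample paths: the share, its contents, and two look-alikes.
SAMPLE_PATHS='/tmp/share
/tmp/share/test.bin
/tmp/share/sub/dir/file
/tmp/shared
/tmp/share.bak/file'

echo "Covered by /tmp/share(/.*)? :"
printf '%s\n' "$SAMPLE_PATHS" | covered_paths '/tmp/share(/.*)?'
echo "Covered by /tmp/share alone:"
printf '%s\n' "$SAMPLE_PATHS" | covered_paths '/tmp/share'
```

On the host, running label_check against a file under /tmp/share after restorecon confirms that the on-disk type matches what the policy now assigns.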
