This article is part of an Essential Guide, our editor-selected collection of our best articles, videos and other content on this topic. Explore more in this guide:
1. - Helpful administrative tools for Linux in the enterprise: Read more in this section
- Graphical monitoring and management with RHEL
- Exploring an open source monitoring system for Linux
- SELinux management for business security
- How to set up Zabbix for Linux monitoring
- Setup for standard high-availability Linux software
- Commands for fixing some SELinux virtualization issues
Explore other sections in this guide:
- 2. - Lifting Linux workloads off-premises
- 3. - Breathing new life into big iron
- 4. - Test your Linux skills with this quiz
I'm running Fedora 17 with KVM and the virtual machine runs okay. I tried to follow this to get access to a file on the host system but SELinux prevents the VM from accessing any files other than those in /var/lib/libvirt/images. This is the message the host gives when running ls inside the VM on the shared path: "SELinux is preventing /usr/bin/qemu-kvm from read access on the directory share."
How can I get around this? The purpose of my VM is to test binaries on multiple Linux distributions, so a shared path would be easiest. Is there a way to make /tmp/share absolutely accessible to everyone?
The reason you cannot share virtual machines in a path other than /var/lib/libvirt/images is SELinux. SELinux adds additional protection to your system. By using labels on directories, it sets directories for a specific purpose only. The elegant way to store image files somewhere else is by setting the appropriate context type label on that directory. In your case, run the following two commands (make sure to execute them from a root shell):
semanage --t --a virt_image_t /tmp/share(/.*) ?
restorecon --R --v /tmp/share
If that doesn't work, you can also disable SELinux completely. To do this, make sure the following line is included in the file /etc/sysconfig/selinux:
Until you have time to reboot your computer, you can also use setenforce 0 to temporarily disable SELinux, but don't forget to change the above configuration file, or else it will automatically be enabled again when you're rebooting.
Next, you say you want to make the content of /tmp/share accessible to everyone. The easiest way is by creating an NFS share. Make sure the file /etc/exports contains the following line:
Next, use the command service nfs start to start the NFS server. From any other computer, you can now mount the NFS share, using a command like the following:
mount --t nfs your.fedora.computer:/tmp/share/mnt
You'll now have access to the contents of the NFS share by accessing the /mnt directory, and you can access the image files from there.
About the author:
Sander van Vugt is an independent trainer and consultant based in the Netherlands. He is an expert in Linux high availability, virtualization and performance. He has authored many books on Linux topics, including Beginning the Linux Command Line, Beginning Ubuntu LTS Server Administration and Pro Ubuntu Server Administration.