I’ve been trying to figure out why this error was logged when trying to submit and run a virtual machine in OpenNebula with QEMU and KVM: “could not open disk image disk.0 Permission denied”. SELinux was complaining about dac_override and dac_read_search.
I thought it was a problem with security contexts as /var/lib/one directory is labelled with var_lib_t security context and QEMU would expect a virt_image_t context or svirt_image_t to run the virtual machine (libvirt provides documentation about QEMU and SELinux in this URL http://libvirt.org/drvqemu.html)
I changed the security context for the /var/lib/one/datastores directory:
chcon -R --type=virt_image_t /var/lib/one/datastores
Despite the security context change the error persisted, thankfully I found this message in the OpenNebula mail list:
I finally get rid of the permission denied editing my /etc/libvirt/qemu.conf and restarting the livirtd daemon (service libvirtd restart)
user="oneadmin" group="oneadmin" dynamic_ownership = 0
I’m still being able to run OpenNebula and SELinux, let’s see if I can keep SELinux enabled in my following tests.