Gnome-boxes doesn't work with SE-Linux enabled and images moved to ext4

Hi,

Something is blocking gnome-boxes to run properly when trying to follow documentation on changing the path of the gnome-boxes images location.
As remarked on Gnome help I created a symlink to the new location and gave permissions to my user.
$ find . -type l -ls
58561 4 lrwxrwxrwx 1 user user 39 Dec 20 16:54 ./.local/share/gnome-boxes → /mnt/UUID/#VMs/gnome-boxes/

The new location is NTFS partition which is mounted and accessible, however seems that SE-Linux might be raising issues due to permissions. When I disable SE-Linux, the VM runs just fine, the same happens when I revert everything to the default gnome-boxes location and put back the image file.

However, when I enable SE-Linux, and try running the VM in gui I get

and in the log the last message is
2020-12-20T17:58:55.960417Z qemu-system-x86_64: -blockdev {“driver”:“file”,“filename”:“/home/user/.local/share/gnome-boxes/images/MV1”,“node-name”:“libvirt-2-storage”,“cache”:{“direct”:false,“no-flush”:false},“auto-read-only”:true,“discard”:“unmap”}: Could not open ‘/home/user/.local/share/gnome-boxes/images/MV1’: Permission denied
2020-12-20 17:58:55.988+0000: shutting down, reason=failed

journalctl shows similar problem
Dec 20 18:02:50 fedora libvirtd[14120]: Unable to read from monitor: Connection reset by peer
Dec 20 18:02:50 fedora libvirtd[14120]: internal error: qemu unexpectedly closed the monitor: 2020-12-20T18:02:50.534454Z qemu-system-x86_64: -blockdev {“driver”:“file”,“filename”:“/home/user/.local/share/gnome-boxes/images/MV1”,“node-name”:“libvirt-2-storage”,“cache”:{“direct”:false,“no-flush”:false},“auto-read-only”:true,“discard”:“unmap”}: Could not open ‘/home/user/.local/share/gnome-boxes/images/MV1’: Permission denied
Dec 20 18:02:50 fedora libvirtd[14120]: internal error: process exited while connecting to monitor: 2020-12-20T18:02:50.534454Z qemu-system-x86_64: -blockdev {“driver”:“file”,“filename”:“/home/user/.local/share/gnome-boxes/images/MV1”,“node-name”:“libvirt-2-storage”,“cache”:{“direct”:false,“no-flush”:false},“auto-read-only”:true,“discard”:“unmap”}: Could not open ‘/home/user/.local/share/gnome-boxes/images/MV1’: Permission denied

One solution to have it running would be to reformat my other disk to ext4, however I would really like to have it on a shared NTFS disk.
I would appreciate any help or point in the right direction!
Let me know please if I can share anything else.

Thanks!

1 Like

NTFS doesn’t support SELinux labels.
So, either use a native file system, or disable SELinux.
Choose depending on what is more important for you.

Repair SELinux labels if the issue persists after reverting:

restorecon -R ~
1 Like

Hi,

much appreciated for the reply!

I actually just found this suggestion and it solves the issue, at least the VM runs fine after executing
sudo setsebool -P virt_use_fusefs 1

Will need to check more in case this will in any way compromise stability, but in the meantime could be very useful for anyone else having the same issue and not being able to run the VM for hours :slight_smile:

3 Likes