问题实例

dnsmasq: cannot read /var/lib/libvirt/dnsmasq/default.conf: Permission denied

参考连接：https://forum.level1techs.com/t/solved-virtual-network-issue-virsh-net-start-default/136141

该问题常出现在移动 /var/lib/libvirt 目录下的内容到新的磁盘上之后出现，是由于 SELinux 的策略导致的

I solved this so I figured I’d post the fix (to my specific problem) in case anybody else runs into this. This was happening due to an SELinux policy violation. Here is what I did:

$ sudo setenforce 0 # disable SELinux momentarily$ sudo virsh net-start default # this worked which meant SELinux was involved$ sudo setenforce 1 # renable SELinux$ sudo ausearch -m AVC,USER_AVC,SELINUX_ERR -ts recent # inspect the SELinux alerts if you’re interested

Then I remembered…I’d created a new logical volume for /var/lib/libvirt to host all virtual machine configs and then just copied all of the original directories over - this was my mistake - SELinux somehow knows they are copied files and was denying access. (I really don’t understand SELinux…) To fix, I needed to restore the permissions:

$ restorecon -rv /var/lib/libvirt

Then the network started right up.

Any suggestions on good resources on learning about SELinux?