Skip to content

Missing directories in /var/lib for libvirt & swtpm

Install

Output of cat /etc/os-release:

Click to expand Click to expand NAME="Fedora Linux" VERSION="40.20240902.0 (Silverblue)" ID=fedora VERSION_ID=40 VERSION_CODENAME="" PLATFORM_ID="platform:f40" PRETTY_NAME="Fedora Linux 40.20240902.0 (Silverblue)" ANSI_COLOR="0;38;2;60;110;180" LOGO=fedora-logo-icon CPE_NAME="cpe:/o:fedoraproject:fedora:40" DEFAULT_HOSTNAME="fedora" HOME_URL="https://silverblue.fedoraproject.org" DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora-silverblue/" SUPPORT_URL="https://ask.fedoraproject.org/" BUG_REPORT_URL="https://github.com/fedora-silverblue/issue-tracker/issues" REDHAT_BUGZILLA_PRODUCT="Fedora" REDHAT_BUGZILLA_PRODUCT_VERSION=40 REDHAT_SUPPORT_PRODUCT="Fedora" REDHAT_SUPPORT_PRODUCT_VERSION=40 SUPPORT_END=2025-05-13 VARIANT="Silverblue" VARIANT_ID=silverblue OSTREE_VERSION='40.20240902.0'

Issue

There are missing directories in /var/lib, which prevents libvirt and swtpm from working normally, namely:

  • For swtpm - /var/lib/swtpm-localca
    • this directory must also be owned by the tss group
  • For libvirt - /var/log/libvirt

With /var/log/libvirt missing, libvirt/virt-manager will not create and start VMs. If /var/lib/swtpm-localca is missing, libvirt/virt-manager will not create and start VMs which require TPM, e.g., Windows 11.

Steps to reproduce the issue

  1. Fresh install Fedora Silverblue 40. I installed it on real HW.
  2. Install virt-manager as layer to container (bootc variant) - rpm-ostree install virt-manager.
  3. Add your user to the libvirt group, if you don't want to enter your password every time virt-manager is started - usermod -aG libvirt <your user name>.
  4. Reboot.
  5. Start virt-manager.
  6. Create new virtual machine:
    1. Choose Windows 11 install ISO or
    2. Select a Linux distro ISO but add TPM before starting installation.
  7. Go through all steps, at the last step mark a checkbox to change config before installing:
    1. If a Linux distro is selected for VM - add TPM via Add Hardware.
  8. Start installation.
  9. virt-manager will complain about missing /var/log/libvirt in the first place and fail with error message. Once this issue is fixed, virt-manager will complain about missing /var/lib/swtpm-localca on second attempt to install. If missing /var/lib/swtpm-localca was created and not owned by the tss group - install attempt will fail again, until ownership is fixed.

Expected result

After the step no 8 it is expected that VM is created successfully and the install process is started.

More context to this problem was discussed in this Fedora Discussions thread - https://discussion.fedoraproject.org/t/last-few-holes-in-fedora-silverblue-libvirt-swtpm-virt-manager-and-systemd-homed/130696

Edited by arturasb
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information