<div dir="ltr"><div><div><div>Hi all.<br><br></div>I ran into trouble while trying to start libvirtd inside a Docker container (actually it is an LXC container).<br><br></div><div>During startup libvirtd can't load the shared library libvirt-qemu.so.0 (and the strace results look very odd).<br>
<br></div><div>* I run libvirtd as root. <br>* libvirt-bin - 0.9.8-2ubuntu17<br>* SELinux/AppArmor are both disabled. <br>* No other security extensions are used.<br></div><div>* No sticky bits are set. <br>* The required libraries are present in the appropriate folder and have all required permissions.<br>
</div><div>* I also successfully loaded it into another process (python). <br>* No file locks are held.<br></div><div>* OS: Ubuntu Linux 12.04 x64 __running inside an LXC container__ (Docker). The container is privileged (I can run a VM using KVM in it)<br>
</div><div>* On the host system libvirtd starts OK, but it is stopped now<br></div><div><br># uname -a<br></div><div>Linux 27119997ee44 3.11.0-19-generic #33-Ubuntu SMP Tue Mar 11 18:48:34 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux<br>
<br># dpkg -l | grep libvirt <br>ii libvirt-bin 0.9.8-2ubuntu17 programs for the libvirt library<br>ii libvirt0 0.9.8-2ubuntu17 library for interfacing with different virtualization systems<br>
ii python-libvirt 0.9.8-2ubuntu17 libvirt Python bindings<br><br><br></div><div># libvirtd<br>libvirtd: error while loading shared libraries: libvirt-qemu.so.0: cannot open shared object file: Permission denied<br>
<br># whoami<br>root<br><br># ls -l `which libvirtd`<br>-rwxr-xr-x 1 root root 1211712 Apr 16 2012 /usr/sbin/libvirtd<br><br># ldd `which libvirtd`<br> ......<br> libvirt-qemu.so.0 => /usr/lib/libvirt-qemu.so.0 (0x00007fd6ed29c000)Environment:<br>
</div> ....<br><br></div># ls -l /usr/lib/libvirt-qemu.so.0<br>-rwxr-xr-x 1 root root 6144 May 6 21:46 /usr/lib/libvirt-qemu.so.0<br><div><br># strace libvirtd<br>execve("/usr/sbin/libvirtd", ["libvirtd"], [/* 19 vars */]) = 0<br>
brk(0) = 0x1d74000<br></div><div>.... (~30 lines)<br><br></div><div>open("/usr/lib/libvirt-qemu.so.0", O_RDONLY|O_CLOEXEC) = -1 EACCES (Permission denied) <<<< !!!!<br>
stat("/usr/lib", 0x7fffbd127840) = -1 EACCES (Permission denied)-- <<<< !!!!<br><div><div><div><br><br></div><div>Before trying to load /usr/lib/libvirt-qemu.so.0, libvirtd makes only stat, open, access and brk system calls (no change-user or other security-related calls)<br>
<br></div><div># stat /usr/lib<br></div><div> File: `/usr/lib'<br> Size: 8192 Blocks: 24 IO Block: 4096 directory<br>Device: 53h/83d Inode: 70 Links: 68<br>Access: (0755/drwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)<br>
Access: 2014-04-02 12:38:18.171617082 +0000<br>Modify: 2014-05-06 21:46:39.450449491 +0000<br>Change: 2014-05-06 21:46:39.450449491 +0000<br> Birth: -<br><br># selinuxenabled ; echo $?<br>1<br><br># kvm-ok<br>INFO: /dev/kvm exists<br>
KVM acceleration can be used<br><br></div><div>On the host system - <br><br>$ docker -v<br>Docker version 0.9.1, build 3600720<br></div><div><br></div><div>Thanks<br><br></div><div>----<br>Kostiantyn Danilov aka <a href="http://koder.ua" target="_blank">koder.ua</a><br>
Principal software engineer, Mirantis<br><br>skype:<a href="http://koder.ua" target="_blank">koder.ua</a><br><a href="http://koder-ua.blogspot.com/" target="_blank">http://koder-ua.blogspot.com/</a><br><a href="http://mirantis.com" target="_blank">http://mirantis.com</a>
</div></div></div></div></div>