<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 4/12/2016 4:36 PM, Martin Kletzander wrote:<br>
<blockquote cite="mid:20160412203645.GC4234@wheatley" type="cite">On
Tue, Apr 12, 2016 at 10:29:29PM +0200, Martin Kletzander wrote:
<br>
<blockquote type="cite">On Tue, Apr 12, 2016 at 03:55:45PM -0400,
TomK wrote:
<br>
<blockquote type="cite">On 4/12/2016 3:40 PM, Martin Kletzander
wrote:
<br>
<blockquote type="cite">[ It would be way easier to reply if
you didn't top-post ]
<br>
<br>
On Tue, Apr 12, 2016 at 12:07:50PM -0400, TomK wrote:
<br>
<blockquote type="cite">On 4/12/2016 11:45 AM, John Ferlan
wrote:
<br>
<blockquote type="cite">What got my attention was the
error message "initializing FS storage
<br>
file" with the "file:" prefix to the name and 9869:9869
as the uid:gid
<br>
trying to access the file (I assume that's
oneadmin:oneadmin on your
<br>
system).
<br>
<br>
</blockquote>
</blockquote>
<br>
I totally missed this. So the only thing that popped on my
mind now was
<br>
checking the whole path:
<br>
<br>
ls -ld
/var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
<br>
<br>
You can also run it as root and oneadmin, however after
reading through
<br>
all the info again, I don't think that'll help.
<br>
<br>
</blockquote>
I top post by default in thunderbird and we have same setup at
work with
<br>
M$ LookOut. Old habits are to blame I guess. I'll try to
reply like
<br>
this instead. But yeah it's terrible for mailing lists to top
post.
<br>
Here's the output and thanks again:
<br>
<br>
[oneadmin@mdskvm-p01 ~]$ ls -ld
<br>
/var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
<br>
drwxr-xr-x. 21 root root 4096 Apr 11 07:10 /var
<br>
drwxr-xr-x. 45 root root 4096 Apr 12 07:58 /var/lib
<br>
drwxr-x--- 12 oneadmin oneadmin 4096 Apr 12 15:50
/var/lib/one
<br>
</blockquote>
<br>
Look ^^, maybe for a quick workaround you could try doing:
<br>
<br>
chmod o+rx /var/lib/one
<br>
<br>
</blockquote>
<br>
Actually, o+x ought to be enough.
<br>
<br>
<blockquote type="cite">Let me know if that does the trick (at
least for now).
<br>
<br>
<blockquote type="cite">drwxrwxr-x 6 oneadmin oneadmin 46
Mar 31 02:44 /var/lib/one/datastores
<br>
drwxrwxr-x 6 oneadmin oneadmin 42 Apr 5 00:20
<br>
/var/lib/one/datastores/0
<br>
drwxrwxr-x 2 oneadmin oneadmin 68 Apr 5 00:20
<br>
/var/lib/one/datastores/0/38
<br>
-rw-r--r-- 1 oneadmin oneadmin 372736 Apr 5 00:20
<br>
/var/lib/one/datastores/0/38/disk.1
<br>
[oneadmin@mdskvm-p01 ~]$
<br>
<br>
That's the default setting but I think I see what you're
getting at that
<br>
permissions get inherited?
<br>
<br>
</blockquote>
<br>
No, I just think you need eXecute on all parent directories.
That
<br>
shouldn't hinder your security and could help.
<br>
<br>
<blockquote type="cite">Cheers,
<br>
Tom K.
<br>
-------------------------------------------------------------------------------------
<br>
<br>
<br>
Living on earth is expensive, but it includes a free trip
around the sun.
<br>
<br>
</blockquote>
</blockquote>
<br>
<br>
<br>
<blockquote type="cite">--
<br>
libvir-list mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:libvir-list@redhat.com">libvir-list@redhat.com</a>
<br>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/libvir-list">https://www.redhat.com/mailman/listinfo/libvir-list</a>
<br>
</blockquote>
<br>
<pre wrap="">_______________________________________________
libvirt-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:libvirt-users@redhat.com">libvirt-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/libvirt-users">https://www.redhat.com/mailman/listinfo/libvirt-users</a></pre>
</blockquote>
<br>
The execute permissions did the trick to allow creation. So that's
good. There's still the write and I'm thinking you intend this as a
workaround since oneadmin should be able to write in there with
other being --- . The auto deployment of cloud virtuals would still
fail then when writes are attempted. <br>
<br>
<small>[oneadmin@mdskvm-p01 ~]$ virsh -d 1 --connect qemu:///system
create /var/lib/one//datastores/0/38/deployment.0<br>
create: file(optdata): /var/lib/one//datastores/0/38/deployment.0<br>
Domain one-38 created from
/var/lib/one//datastores/0/38/deployment.0<br>
[oneadmin@mdskvm-p01 ~]$</small><br>
<br>
Now should this work without any permissions on other for the
unprivileged user oneadmin? Thinking Yes per John Ferlan's reply?<br>
<br>
<small>[oneadmin@mdskvm-p01 0]$ virsh -d 1 --connect qemu:///system
create /var/lib/one//datastores/0/24/deployment.0<br>
create: file(optdata): /var/lib/one//datastores/0/24/deployment.0<br>
error: Failed to create domain from
/var/lib/one//datastores/0/24/deployment.0<br>
error: can't canonicalize path
'/var/lib/one//datastores/0/24/disk.1': Permission denied<br>
[oneadmin@mdskvm-p01 0]$</small><br>
<br>
<br>
<div class="moz-signature">Cheers,<br>
Tom K.<br>
-------------------------------------------------------------------------------------
<br>
Living on earth is expensive, but it includes a free trip around
the sun.<br>
</div>
<br>
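Added example (not part of the original thread, and not libvirt or OpenNebula code): a shell check that walks every parent directory of a disk image and reports the ones missing the search (x) bit for "other", which is what the chmod o+x workaround above addresses. It assumes the accessing user is neither owner nor group member of the directories; the function names and the sample tree are constructed for illustration.<br>

```shell
#!/bin/sh
# Added example: report ancestor directories that "other" cannot traverse.
# blocking_dirs and make_sample_tree are hypothetical helper names.

# Print, top-down, each directory from TOP (default /) down to the parent
# of PATH that lacks the search (x) bit for "other".
blocking_dirs() {
    dir=$(dirname "$1")
    top=${2:-/}
    out=""
    nl='
'
    while :; do
        # Character 10 of the ls mode string is other's execute bit;
        # "t" is sticky plus execute, "T" is sticky without execute.
        bit=$(ls -ld "$dir" | cut -c10)
        case $bit in
            x|t) ;;
            *) out="$dir${out:+$nl$out}" ;;
        esac
        if [ "$dir" = "$top" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    [ -z "$out" ] || printf '%s\n' "$out"
}

# Constructed tree reproducing the modes from the ls -ld output in the thread.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/var/lib/one/datastores/0/38"
    chmod -R 755 "$root"
    chmod -R 775 "$root/var/lib/one/datastores"
    chmod 750 "$root/var/lib/one"          # drwxr-x---: no search for other
    : > "$root/var/lib/one/datastores/0/38/disk.1"
    chmod 644 "$root/var/lib/one/datastores/0/38/disk.1"
    printf '%s\n' "$root"
}

# Demo: prints the single blocking directory, <tmp>/var/lib/one.
tree=$(make_sample_tree)
blocking_dirs "$tree/var/lib/one/datastores/0/38/disk.1" "$tree"
rm -rf "$tree"
```

On systems with util-linux, namei -l followed by the path prints the same per-component mode listing for a real path.<br>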
</body>
</html>