[libvirt] VM creation failed : Permission denied : bind(unix:/var/run/libvirt/qemu//VM.monitor)

[Daniel P. Berrange]

On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
> 	I use Ovirt under Fedora 11 with the latest developpement package and the VM 
> creation failed with :
> bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied


> ==> /var/log/libvirt/qemu/VM-4.log <==
> LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root 
> /usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid 492f836f-5123-
> e185-39c2-09c5dd43a7f6 -monitor 
> unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net 
> nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net 
> tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 0.0.0.0:0 -
> vga cirrus 
> bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
> qemu: could not open monitor device 
> 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
> 
> ==> # rpm -qa | grep libvirt  <==
> libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-qpid-0.2.17-0.fc11.x86_64

Is SELinux in enforcing mode ?  It is quite likley that we'll need to
update the policy to allow QEMU to use UNIX domain sockets here, since
historically we've only had to allow PTYs.

If SELinux isn't enforcing,t hen the other candidate is that the QEMU
driver is configured to run VMs are 'qemu' user account, and the 
/var/run/libvirt/qemu directory is mistakenly owned by 'root'

Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|