[libvirt] running Libvirt from source code, IPC_LOCK and VFIO
Daniel P. Berrangé
berrange at redhat.com
Tue Feb 5 10:32:34 UTC 2019
On Mon, Feb 04, 2019 at 08:44:21PM -0200, Daniel Henrique Barboza wrote:
> Hi Erik,
>
> Just to let you know that the error I reported in one of my replies was
> being caused by one change I forgot to undo. This error here:
>
>
> error : virQEMUCapsNewForBinaryInternal:4687 : internal error: Failed to
> probe QEMU binary with
> QMP: libvirt: error : prctl failed to enable 'dac_override' in the AMBIENT
> set:
> Operation not permitted
>
>
> was happening because I have commented out this line inside
> qemu_capabilities.c:
>
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
> @@ -4519,7 +4519,7 @@
> virQEMUCapsInitQMPCommandRun(virQEMUCapsInitQMPCommandPtr cmd,
> "-daemonize",
> NULL);
> virCommandAddEnvPassCommon(cmd->cmd);
> - virCommandClearCaps(cmd->cmd);
> + // virCommandClearCaps(cmd->cmd);
>
> #if WITH_CAPNG
> /* QEMU might run into permission issues, e.g. /dev/sev (0600),
> override
>
>
> Thus there is no need to move the PR_CAP_AMBIENT around to prevent the
> error message. Sorry for any alarms I might have raised there.
>
>
> I'm still experiencing the issue with IPC_LOCK inside the guest though. I'll
> update here when I have concrete findings about it.
Any use of capabilities "inside the guest" is not libvirt's responsibility.
It only cares about capabilities on the *host* OS used by QEMU.
Regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
More information about the libvir-list
mailing list