failed to start vm after add vsock device

longguang.yue libvirt at
Thu Jan 28 11:08:47 UTC 2021

Michal, thanks.

i have another question  which is related to kata-container.

when there is only one  virtiofs-device , how does it do that   in guest there are 4 times of virtiofs-mounts that have same src and different targets.  

# in guest
[root at kvm kata-containers]# docker exec efda32ca6a93 mount | grep kataShared
kataShared on / type virtiofs (rw,relatime)
kataShared on /etc/resolv.conf type virtiofs (rw,relatime)
kataShared on /etc/hostname type virtiofs (rw,relatime)
kataShared on /etc/hosts type virtiofs (rw,relatime)

# qemu-kvm
-chardev socket,id=char-c91f3c6a619cec75,path=/run/vc/vm/efda32ca6a93491ac173dc2ad8a38ac095abab3bd8147a1101851f2a0a8d9012/vhost-fs.sock -device vhost-user-fs-pci,chardev=char-c91f3c6a619cec75,tag=kataShared,romfile=

At 2021-01-27 21:31:49, "Michal Privoznik" <mprivozn at> wrote:
>On 1/26/21 2:13 PM, longguang.yue wrote:
>> Hi, all:
>>      there is no error when launch qemu-kvm from cli directly,  but vm fails to start via libvirtd.
>> i have tried to chmod 0666 /dev/vhost-vsock.
>> error: internal error: qemu unexpectedly closed the monitor: 2021-01-26T13:06:06.403097Z qemu-kvm: -device vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=4: vhost-vsock: failed to open vhost device: Unknown error -13
>Errno 13 is EACCES (Permission denied) which means that libvirt didn't 
>set seclabel on something ...
>> <qemu:commandline>
>>      <qemu:arg value='-device'/>
>>      <qemu:arg value='vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=4'/>
>>    </qemu:commandline>
>.. and this is explains why. Anything that's added via qemu commandline 
>passthru is opaque to libvirt. Libvirt does not examine it, nor it sets 
>any labels, nothing. If you use it, you're on your own. However, vsock 
>was added to libvirt (almost 3 years ago) and instead of passing through 
>a command line you can define vsock device:
>For instance like this:
>   <vsock model='virtio'>
>     <cid auto='no' address='3'/>
>   </vsock>

More information about the libvir-list mailing list