[libvirt-users] 9p host/guest permissions & selinux...?

Morgan Read mstuff at read.org.nz
Sun Jun 21 18:29:06 UTC 2015


Hello Folks

It's with some trepidation that I venture on to such a heady newsgroup, 
but I'm about ready to throw myself off a bridge after getting this all 
set up and apparently working only to be struck down by permissions and 
selinux hell (either, or both).

I've followed instructions here:
http://wiki.qemu.org/Documentation/9psetup
http://troglobit.github.io/blog/2013/07/05/file-system-pass-through-in-kvm-slash-qemu-slash-libvirt/
http://www.linux-kvm.org/page/9p_virtio

The page at the last link helpfully concludes:
Note: likely to hit some issues w/ privileges since Fedora libvirt runs 
guests unprivileged and with SELinux confinement...careful use of chown, 
chmod and chcon should get it working

And, that's the most useful information I've been able to find...

*Set up*
Host - f21 server
[user@frontserver ~]$ uname -a
Linux frontserver.lan 4.0.4-202.fc21.i686+PAE #1 SMP Wed May 27 22:51:47 UTC 2015 i686 i686 i386 GNU/Linux
Guest - f20 (vortexbox)
[root@vortexbox ~]# uname -a
Linux vortexbox 3.12.5-301.fc20.i686+PAE #1 SMP Mon Dec 16 18:42:48 EST 2013 i686 i686 i386 GNU/Linux

Share is at /home/vortexbox-storage and shared to /storage

Output of mount, touch, ls etc on host and guest:
[user@frontserver home]$ ls
lost+found  user  vortexbox-storage
[user@frontserver home]$ ls -al vortexbox-storage
total 12
drwxrwxrwx. 2 qemu qemu 4096 Apr  4 09:58 .
drwxr-xr-x. 5 root root 4096 Mar 24 11:23 ..
-rwxrwxrwx. 1 qemu qemu   17 Apr  3 17:54 hello
[user@frontserver home]$ cd vortexbox-storage
[user@frontserver vortexbox-storage]$ touch hello2
[user@frontserver vortexbox-storage]$ ls -al
total 12
drwxrwxrwx. 2 qemu qemu 4096 Jun 20 22:07 .
drwxr-xr-x. 5 root root 4096 Mar 24 11:23 ..
-rwxrwxrwx. 1 qemu qemu   17 Apr  3 17:54 hello
-rw-rw-r--. 1 user user    0 Jun 20 22:07 hello2
[user@frontserver vortexbox-storage]$ echo hello2 > hello2
[user@frontserver vortexbox-storage]$ cat hello2
hello2

[user@frontserver vortexbox-storage]$ ssh root@192.168.122.61
root@192.168.122.61's password:
Last login: Sat Jun 20 16:44:37 2015
[root@vortexbox /]# umount /storage
[root@vortexbox /]# ls -al | grep storage
drwxr-xr-x    2 root root  4096 Jun 20 12:24 storage
drwxr-xr-x    5 root root  4096 Mar 24 07:31 storage-tmp
[root@vortexbox /]# mount -t 9p -o trans=virtio,version=9p2000.L,rw storage /storage
[root@vortexbox /]# ls -al | grep storage
drwxrwxrwx    2  107  107  4096 Jun 21 14:11 storage
drwxr-xr-x    5 root root  4096 Mar 24 07:31 storage-tmp
[root@vortexbox /]# cd /storage
[root@vortexbox storage]# ls -al
ls: cannot access hello: Permission denied
total 8
drwxrwxrwx   2  107  107 4096 Jun 21 14:11 .
dr-xr-xr-x. 20 root root 4096 Mar 24 07:43 ..
-??????????  ? ?    ?       ?            ? hello
[root@vortexbox storage]# cat hello
cat: hello: Permission denied
[root@vortexbox storage]# ls -al
ls: cannot access hello2: Permission denied
ls: cannot access hello: Permission denied
total 8
drwxrwxrwx   2  107  107 4096 Jun 21 14:13 .
dr-xr-xr-x. 20 root root 4096 Mar 24 07:43 ..
-??????????  ? ?    ?       ?            ? hello
-??????????  ? ?    ?       ?            ? hello2
[root@vortexbox storage]# cat hello2
cat: hello2: Permission denied
[root@vortexbox storage]#

When I try to touch or cat the hellos, selinux-troubleshoot throws a wobbly.
I've logged that as a bug here:
https://bugzilla.redhat.com/show_bug.cgi?id=1234067

I figure it must be possible to give some fairly straightforward 
instruction (even for me) on what permissions to set where to get this 
working...

If anyone can help, I would be very very grateful (and happy:)

Thanks,
M
-- 
Morgan Read
<mailto:mstuffATreadDOTorgDOTnz>

Confused about DRM?
Get all the info you need at:
http://drm.info/
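
Added example, not part of the original post: a host-side audit that separates the two layers the message mentions, printing for every path in the export what the plain mode bits grant the QEMU user and which SELinux label the path carries. It assumes the qemu uid/gid is 107 (the numeric owner the guest listing shows) and would be run against /home/vortexbox-storage; function names are illustrative.

```python
import os
import sys

QEMU_UID = 107  # assumption: uid/gid of 'qemu' on the host, as the guest's ls shows


def selinux_label(path):
    """Return the SELinux context stored in the file's xattr, or None."""
    try:
        return os.getxattr(path, "security.selinux").rstrip(b"\0").decode()
    except (OSError, AttributeError):
        return None  # unlabeled file, filesystem without xattrs, or non-Linux host


def dac_bits(st, uid, gids):
    """rwx bits (0-7) the mode grants a non-root uid; POSIX ACLs are not modelled."""
    if st.st_uid == uid:
        shift = 6          # owner class
    elif st.st_gid in gids:
        shift = 3          # group class
    else:
        shift = 0          # other class
    return (st.st_mode >> shift) & 7


def fmt(bits):
    """Render a 3-bit value the way ls does, e.g. 5 -> 'r-x'."""
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))


def audit_export(root, uid=QEMU_UID, gids=frozenset({QEMU_UID})):
    """Return [(path, access, label)] for root's ancestors, root, and its contents."""
    root = os.path.abspath(root)
    paths, parent = [], os.path.dirname(root)
    while True:  # ancestors need 'x' or nothing below them is reachable
        paths.append(parent)
        if parent == os.path.dirname(parent):
            break
        parent = os.path.dirname(parent)
    paths.reverse()
    for dirpath, _dirnames, filenames in os.walk(root):
        paths.append(dirpath)
        paths += [os.path.join(dirpath, name) for name in filenames]
    return [(p, fmt(dac_bits(os.lstat(p), uid, gids)), selinux_label(p)) for p in paths]


if __name__ == "__main__":
    for path, access, label in audit_export(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{access}  {label or '-':<45} {path}")
```

Paths that show full access here yet are still refused in the guest are the ones to compare against the AVC denials in the host's audit log.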



