[libvirt-users] [libvirt] Libvirtd running as root tries to access oneadmin (OpenNebula) NFS mount but throws: error: can’t canonicalize path

Martin Kletzander mkletzan at redhat.com
Tue Apr 12 20:36:45 UTC 2016 

On Tue, Apr 12, 2016 at 10:29:29PM +0200, Martin Kletzander wrote:
>On Tue, Apr 12, 2016 at 03:55:45PM -0400, TomK wrote:
>>On 4/12/2016 3:40 PM, Martin Kletzander wrote:
>>> [ I would be way easier to reply if you didn't top-post ]
>>>
>>> On Tue, Apr 12, 2016 at 12:07:50PM -0400, TomK wrote:
>>>> On 4/12/2016 11:45 AM, John Ferlan wrote:
>>>>> What got my attention was the error message "initializing FS storage
>>>>> file" with the "file:" prefix to the name and 9869:9869 as the uid:gid
>>>>> trying to access the file (I assume that's oneadmin:oneadmin on your
>>>>> system).
>>>>>
>>>
>>> I totally missed this.  So the only thing that popped on my mind now was
>>> checking the whole path:
>>>
>>>  ls -ld /var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
>>>
>>> You can also run it as root and oneadmin, however after reading through
>>> all the info again, I don't think that'll help.
>>>
>>I top post by default in thunderbird and we have same setup at work with
>>M$ LookOut.  Old habits are to blame I guess.  I'll try to reply  like
>>this instead.  But yeah it's terrible for mailing lists to top post.
>>Here's the output and thanks again:
>>
>>[oneadmin at mdskvm-p01 ~]$ ls -ld
>>/var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
>>drwxr-xr-x. 21 root     root       4096 Apr 11 07:10 /var
>>drwxr-xr-x. 45 root     root       4096 Apr 12 07:58 /var/lib
>>drwxr-x---  12 oneadmin oneadmin   4096 Apr 12 15:50 /var/lib/one
>
>Look ^^, maybe for a quick workaround you could try doing:
>
>  chmod o+rx /var/lib/one
>

Actually, o+x ought to be enough.

>Let me know if that does the trick (at least for now).
>
>>drwxrwxr-x   6 oneadmin oneadmin     46 Mar 31 02:44 /var/lib/one/datastores
>>drwxrwxr-x   6 oneadmin oneadmin     42 Apr  5 00:20
>>/var/lib/one/datastores/0
>>drwxrwxr-x   2 oneadmin oneadmin     68 Apr  5 00:20
>>/var/lib/one/datastores/0/38
>>-rw-r--r--   1 oneadmin oneadmin 372736 Apr  5 00:20
>>/var/lib/one/datastores/0/38/disk.1
>>[oneadmin at mdskvm-p01 ~]$
>>
>>That's the default setting but I think I see what you're getting at that
>>permissions get inherited?
>>
>
>No, I just think you need eXecute on all parent directories.  That
>shouldn't hinder your security and could help.
>
>>Cheers,
>>Tom K.
>>-------------------------------------------------------------------------------------
>>
>>
>>Living on earth is expensive, but it includes a free trip around the sun.
>>



>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20160412/e79ffe59/attachment.sig>

More information about the libvirt-users mailing list