[libvirt-users] Libvirt: dynamic ownership did not work
Jonatan Schlag
jonatan.schlag at ipfire.org
Thu Aug 4 18:28:36 UTC 2016
On Thu, 4 Aug 2016 at 5:07, Michal Privoznik <mprivozn at redhat.com> wrote:
> On 04.08.2016 13:59, Jonatan Schlag wrote:
>>
>>
>> On Thu, 4 Aug 2016 at 1:38, Michal Privoznik <mprivozn at redhat.com> wrote:
>>> On 04.08.2016 12:12, Jonatan Schlag wrote:
>>>>
>>>>
>>>> On Thu, 4 Aug 2016 at 11:32, Michal Privoznik <mprivozn at redhat.com> wrote:
>>>>> On 03.08.2016 21:17, Jonatan Schlag wrote:
>>>>>> Hi,
>>>>>> I have a very strange problem with libvirt. I work on some machines
>>>>>> with libvirt (Debian/Arch Linux) and libvirt sets the ownership of
>>>>>> image files automatically to the qemu user/group, for example on
>>>>>> Arch Linux to nobody:kvm.
>>>>>> So when I copy an image file with root and then use it with qemu,
>>>>>> libvirt changes the owner/group to nobody:kvm.
>>>>>>
>>>>>> But I also compiled libvirt for a machine (gcc 4.9.4 glibc 2.12)
>>>>>> and on this machine libvirt did not change the ownership of the
>>>>>> image files, which results in this error:
>>>>>>
>>>>>> libvirtError: internal error: process exited while connecting to monitor: able-ticketing,seamless-migration=on -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on
>>>>>> 2016-08-03T18:19:47.494512Z qemu-system-x86_64: -drive file=/data/hdd1/libvirt/images/test.img,format=raw,if=none,id=drive-virtio-disk0: Could not open '/data/hdd1/libvirt/images/test.img': Permission denied
>>>>>
>>>>> Can you please share the debug logs?
>>>>>
>>>>> http://wiki.libvirt.org/page/DebugLogs
>>>>>
>>>>> Also, my initial suspicion, before diving any deeper, is that usually,
>>>>> when users compile libvirt on their own, they forget to set the
>>>>> correct prefix, therefore libvirt is looking for its config files NOT
>>>>> under /etc/libvirt but /usr/local/etc/ or whatever.
>>>>>
>>>>> BTW: is the daemon running under root?
>>>>>
>>>>> Michal
>>>>
>>>> Hi,
>>>>
>>>> The daemon runs under root.
>>>>
>>>> I uploaded the debug logs to:
>>>>
>>>> http://people.ipfire.org/~jschlag/1363864/1_libvirtd.log
>>>>
>>>> The UID of the user nobody is 99, the GID of the group kvm is 1011.
>>>>
>>>> I added my configure options to the bug report.
>>>>
>>>> Following the log, the ownership is changed, but why is the file
>>>> still owned by root:root?
>>>
>>> Right. The file ownership is set.
>> But the file is still owned by root:root and so it is not accessible by
>> qemu as nobody:kvm. At the moment the only possible explanation is that
>> the change of the ownership fails, but then there should be an error
>> message, but there is no error message in the log.
>
> Then the other option that comes to my mind is a race with somebody else
> on the system. You can attach gdb to the daemon and set a breakpoint on
> virSecurityDACSetOwnershipInternal(). In the arguments you should
> eventually see the path along with uid:gid.
>
> BTW: what's the domain XML?
What do you need the XML file for? The domain is called test and the image
file is /data/hdd1/libvirt/images/test.img
>
>
> Michal
I did some debugging together with Michael Tremer, and Michael posted
our results in the bug tracker. So it seems that the chown function is
not executed, because another function returns a wrong value.
Maybe the description in the bug report helps to go further; if not,
say what you need (logs) to debug the problem.
Regards Jonatan
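
Added example (not part of the thread and not libvirt code): a Python check that walks an image path and reports which component would deny a given QEMU uid/gid under plain owner/group/other mode bits, which is how a root:root image ends in "Permission denied" for nobody:kvm. The function names are hypothetical, the defaults 99 and 1011 are the thread's values, and ACLs, capabilities and SELinux/AppArmor are ignored.

```python
import os
import stat
import sys


def dac_allows(st, uid, gids, want):
    """Classic UNIX DAC check for a non-root uid: pick the owner, group or
    other permission triplet and test the wanted bits (r=4, w=2, x=1)."""
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return (bits & want) == want


def blockers(image, uid, gids):
    """List (path, reason) for every component that would stop uid/gids from
    opening `image` read-write: parents need x, the image itself needs rw."""
    image = os.path.realpath(image)
    found = []
    parents = []
    d = os.path.dirname(image)
    while d not in parents:          # dirname("/") == "/" ends the walk
        parents.append(d)
        d = os.path.dirname(d)
    for d in reversed(parents):
        if not dac_allows(os.stat(d), uid, gids, 1):
            found.append((d, "no search (x) permission"))
    st = os.stat(image)
    if not dac_allows(st, uid, gids, 6):
        found.append((image, "owned by %d:%d, mode %04o" % (
            st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))))
    return found


if __name__ == "__main__":
    # Defaults are the thread's values: nobody = 99, kvm = 1011.
    path = sys.argv[1]
    uid = int(sys.argv[2]) if len(sys.argv) > 2 else 99
    gid = int(sys.argv[3]) if len(sys.argv) > 3 else 1011
    for where, why in blockers(path, uid, {gid}):
        print("%s: %s" % (where, why))
```

Run it as root with the image path as the first argument; no output means the mode bits alone would let that uid/gid open the image.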