[libvirt-users] provisioning with vagrant-libvirt leaves .img file only readable by root

Martin Kletzander mkletzan at redhat.com
Wed Feb 15 16:43:47 UTC 2017


On Wed, Feb 15, 2017 at 02:25:12PM +0100, Hans-Christoph Steiner wrote:
>
>I'm using libvirt on Debian/stretch (testing) with vagrant and the
>vagrant-libvirt plugin.  When I import a vagrant box (jessie64.box), the
>resulting file permissions let anyone in the "kvm" group read the img.
>But when I build upon that box, only root can read it:
>

I don't have any Vagrant experience, but if you have a file that any VM
(with qemu://system) is using, by default libvirt will make sure the VM
can use it and after that, set it to root:root.  The proper way would be
setting it to the permissions that it had before.  We've been dealing
with this for a couple of years now.  It's still unfixed because we're
trying to fix every single corner-case and also there are so many things
to consider.

Anyway, if you make sure that qemu can access it, you can disable
the automatic dynamic relabelling (either for the disk in the domain XML
by saying <seclabel ... relabel="no"/> for the disk or the whole domain
or all domains by setting dynamic_ownership to 0 in qemu.conf).

HTH,
Martin

>-rw------- 1 root         root 20198785024 Sep 19 18:19 buildserver_default.img
>-rwxr--r-- 1 libvirt-qemu kvm   2148663296 Sep  5 22:55 jessie64_vagrant_box_image_0.img
>
>How can I control those file permissions as a regular user in the
>libvirtd group?  I need to read that image in order to use qemu-img to
>rebase and create a new vagrant box.  The current `vagrant package`
>command only works with VirtualBox VMs, but it's easy to make a .box if
>you have read access to the libvirt QEMU .img file.
>
>/etc/libvirt/storage/default.xml says:
>  <target>
>    <path>/var/lib/libvirt/images</path>
>    <permissions>
>      <mode>0755</mode>
>    </permissions>
>  </target>
>
>
>You can find the context for this work here:
>https://gitlab.com/fdroid/fdroidserver/issues/238
>
>.hc
>
>--
>PGP fingerprint: EE66 20C7 136B 0D2C 456C  0A4D E9E2 8DEA 00AA 5556
>https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
>
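An added example, not part of the original message and not libvirt code: a Python sketch that reads a domain XML and lists the file-backed disks covered by none of the three opt-outs named in the reply (per-disk `<seclabel relabel="no"/>`, a whole-domain seclabel, or `dynamic_ownership = 0` in qemu.conf). The sample XML, `scratch.img` and the function names are constructed for illustration, and the precedence logic is a simplified assumption rather than libvirt's own implementation.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not from the thread); scratch.img is illustrative.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>buildserver_default</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/buildserver_default.img'/>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/scratch.img'>
        <seclabel model='dac' relabel='no'/>
      </source>
      <target dev='vdb' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""

def _relabel_off(parent):
    """True if parent has a direct <seclabel> child (DAC or no model) with relabel='no'."""
    for sl in parent.findall("seclabel"):
        if sl.get("model") in (None, "dac") and sl.get("relabel") == "no":
            return True
    return False

def disks_libvirt_may_chown(domain_xml, dynamic_ownership=1):
    """Return source paths of file-backed disks whose ownership libvirt may change."""
    if not dynamic_ownership:      # qemu.conf: dynamic_ownership = 0 covers all domains
        return []
    root = ET.fromstring(domain_xml)
    if _relabel_off(root):         # whole-domain <seclabel ... relabel='no'>
        return []
    at_risk = []
    for disk in root.findall("./devices/disk"):
        src = disk.find("source")
        if src is None or src.get("file") is None:
            continue               # empty cdrom, block device or network disk
        if not _relabel_off(src):  # no per-disk opt-out under <source>
            at_risk.append(src.get("file"))
    return at_risk

if __name__ == "__main__":
    for path in disks_libvirt_may_chown(SAMPLE_DOMAIN):
        print("libvirt may change ownership of", path)
```

Feed it the output of `virsh dumpxml` for a domain; any disk it lists without an opt-out is one whose image can end up root:root after the VM has used it.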