Libvirt + Debian Live = Heart Attack

Elias Mobery eliasmobery at gmail.com
Wed Nov 24 15:01:34 UTC 2021


Hello Michal, thank you for the reply!

I've carefully tested everything you suggested, thanks.

I set dynamic_ownership=0 and use these hooks during the live build for
permissions. (I googled a lot, and apparently libvirt needs the images to
be executable too)

chown -R libvirt-qemu:kvm  /var/lib/libvirt/images
chmod -R g+rwx /var/lib/libvirt/images

Booting the live Debian ISO, everything works in virt-manager, but again,
after clicking "run", a copy of the VM image is created in
/run/live/overlay/rw/var/lib/libvirt/images and only then does the VM start.

Either it's still being chowned or chmodded somehow, or it's something
else, but I can't stop this copy being made.

Interestingly, when I boot the live Debian ISO and then copy the images
into /var/lib/libvirt/images from my USB stick, the VM starts immediately
without creating any copies in the /run/live.... directory. So my guess is
that maybe the squashfs could be the issue?

Editing the XML

<source file='/var/lib/libvirt/images/vm1.qcow2'>
      <seclabel relabel='no'/>
    </source>

This results in an error:
Unsupported Configuration:
Security driver model 'null' not available

Here I tried setting security_driver=none in qemu.conf but same error after.

</devices>
    <seclabel type='none'/>
  </domain>

This also returns an Error but I'm still googling to understand it properly.

XML document failed to validate against schema
Unable to validate doc against /usr/share/libvirt/schemas/domain.rng
Invalid element relabel  for element seclabel
Extra element seclabel in interleave
Element domain failed to validate content

Thanks again so much for your help, I've been messing with this for weeks
now and it's killing me.

On Tue, Nov 23, 2021, 9:43 PM Michal Prívozník <mprivozn at redhat.com> wrote:

> On 11/23/21 17:25, Elias Mobery wrote:
> >
> > Hi everyone!
> >
> > I've built a Debian Live ISO with packages qemu and libvirt to run a VM
> > in the live environment.
> >
> > The guest images are placed in  /var/lib/libvirt/images and 2GB each.
> >
> > Everything works great, except for one issue.
> >
> > When starting a VM, libvirt automatically issues a chown command to the
> > images, changing ownership.
> >
> > This results in a copy of the images being created in
> > /run/live/overlay/rw/var/lib/libvirt/images
> >
> > I don't want these copies to be made but can't stop it.
> >
> > I've tried editing qemu.conf user/group, dynamic ownership etc. without
> > any luck.
> >
> > Is there a way to STOP libvirt from changing the ownership of these
> > images?
> >
> >
>
> Setting dynamic_ownership=0 in qemu.conf is the way to go (don't forget
> to restart the daemon after you made the change).
>
> Alternatively, you can set <seclabel/> either for whole domain or
> individual disks, e.g. like this:
>
>   <disk type='file' device='disk'>
>     <driver name='qemu' type='qcow2'/>
>     <source file='/var/lib/libvirt/images/vm1.qcow2'>
>       <seclabel relabel='no'/>
>     </source>
>   </disk>
>
> or for whole domain:
>
>     ...
>     </devices>
>     <seclabel type='none'/>
>   </domain>
>
> I'm not sure what your setup is, but if chown() is a problem then what
> if guest tries to write onto its disk? Wouldn't that create a copy in
> overlay?
>
> Michal
>
>
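The question that closes the quoted reply (would a guest write also land in the overlay?) can be checked before a domain is started. The following is an added example, not code from the thread or from libvirt: it lists the file-backed disks of a domain that sit on an overlay mount and whether they are opened read-write, since overlayfs copies a lower-layer file into the upper directory on an ownership or mode change and also when the file is opened for writing. The mount table and domain XML are constructed samples, and the function names are hypothetical.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample data (not from the thread): a live-system mount table in
# /proc/mounts format and a domain with three file-backed disks.
SAMPLE_MOUNTS = """\
overlay / overlay rw,lowerdir=/run/live/rootfs/filesystem.squashfs,upperdir=/run/live/overlay/rw,workdir=/run/live/overlay/work 0 0
tmpfs /run tmpfs rw,nosuid 0 0
/dev/sdb1 /mnt/usb ext4 rw 0 0
"""
SAMPLE_DOMAIN = """\
<domain type='kvm'><name>vm1</name><devices>
  <disk type='file' device='disk'>
    <source file='/var/lib/libvirt/images/vm1.qcow2'/>
  </disk>
  <disk type='file' device='cdrom'>
    <source file='/var/lib/libvirt/images/install.iso'/><readonly/>
  </disk>
  <disk type='file' device='disk'>
    <source file='/mnt/usb/vm2.qcow2'/>
  </disk>
</devices></domain>
"""

def fstype_of(path, mounts_text):
    """Filesystem type of the longest mount point that contains path."""
    path, best, fstype = os.path.normpath(path), "", None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        mp = fields[1]
        inside = path == mp or path.startswith(mp.rstrip("/") + "/")
        if inside and len(mp) >= len(best):  # later mounts shadow earlier ones
            best, fstype = mp, fields[2]
    return fstype

def disks_on_overlay(domain_xml, mounts_text):
    """Return (path, opened_read_write) for each file-backed disk on an overlay."""
    found = []
    for disk in ET.fromstring(domain_xml).iter("disk"):
        src = disk.find("source")
        if src is None or not src.get("file"):
            continue
        if fstype_of(src.get("file"), mounts_text) == "overlay":
            found.append((src.get("file"), disk.find("readonly") is None))
    return found

if __name__ == "__main__":
    for path, rw in disks_on_overlay(SAMPLE_DOMAIN, SAMPLE_MOUNTS):
        print(path, "copy-up expected on first write" if rw else "read-only disk")
```

On a running system the two inputs would be the output of `virsh dumpxml` for the domain and the contents of /proc/mounts.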