Qiu Yu
2013-May-31 08:03 UTC
Re: [Libguestfs] How to use libguestfs access LVM as non-root user?
On Fri, May 31, 2013 at 3:55 PM, Richard W.M. Jones <rjones@redhat.com> wrote:

> On Fri, May 31, 2013 at 10:58:30AM +0800, Qiu Yu wrote:
> > Unfortunately, the standard 'disk' group permission only applies to
> > /dev/sdX device nodes, not to device mapper nodes created by LVM commands.
>
> Actually, it depends on udev rules. On my machine device mapper
> nodes very much are owned by the disk group:
>
> $ ll /dev/dm-*
> brw-rw----. 1 root disk 253, 0 May 15 13:26 /dev/dm-0
> brw-rw----. 1 root disk 253, 1 May 15 13:26 /dev/dm-1
> brw-rw----. 1 root disk 253, 10 May 24 13:54 /dev/dm-10
> brw-rw----. 1 root disk 253, 11 May 15 13:26 /dev/dm-11
> brw-rw----. 1 root root 253, 12 May 29 21:29 /dev/dm-12
> [etc]
>
> You can add udev rules to change the ownership. See:
>
> https://wiki.archlinux.org/index.php/Udev
>
> Rich.

Thanks Richard, you're right. I just found out myself a few moments ago.

Actually I'm looking into an issue with OpenStack / Libvirt manipulating LVM as an image backend. When the logical volume is created, udev rules will set the ownership to root:disk. After libvirt actually starts an instance, device node ownership will change to qemu:qemu by libvirt. Then, if you stop an instance, the device node ownership will change back to root:root. Seems there's some inconsistency here.

Anyway, it has nothing to do with libguestfs. Thank you so much for your help and the information! :)

--
Qiu Yu
Richard W.M. Jones
2013-May-31 08:17 UTC
Re: [Libguestfs] How to use libguestfs access LVM as non-root user?
On Fri, May 31, 2013 at 04:03:32PM +0800, Qiu Yu wrote:

> Actually I'm looking into an issue with OpenStack / Libvirt manipulating
> LVM as an image backend. When the logical volume is created, udev rules
> will set the ownership to root:disk. After libvirt actually starting an
> instance, device node ownership will change to qemu:qemu by libvirt. Then,
> if you stop an instance, the device node ownership will change back to
> root:root. Seems there's some inconsistency here.

This is actually a well-known bug in libvirt.

https://bugzilla.redhat.com/show_bug.cgi?id=796072
(marked as a duplicate of a private bug 547546 for some reason --
I will try to get this made non-private)

You can turn off libvirt's ownership management (set dynamic_ownership = 0 in /etc/libvirt/qemu.conf) however this will cause other problems. I don't think there is a proper solution to this yet.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
Qiu Yu
2013-May-31 10:39 UTC
Re: [Libguestfs] How to use libguestfs access LVM as non-root user?
On Fri, May 31, 2013 at 4:17 PM, Richard W.M. Jones <rjones@redhat.com> wrote:

> On Fri, May 31, 2013 at 04:03:32PM +0800, Qiu Yu wrote:
> > Actually I'm looking into an issue with OpenStack / Libvirt manipulating
> > LVM as an image backend. When the logical volume is created, udev rules
> > will set the ownership to root:disk. After libvirt actually starting an
> > instance, device node ownership will change to qemu:qemu by libvirt. Then,
> > if you stop an instance, the device node ownership will change back to
> > root:root. Seems there's some inconsistency here.
>
> This is actually a well-known bug in libvirt.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=796072
> (marked as a duplicate of a private bug 547546 for some reason --
> I will try to get this made non-private)
>
> You can turn off libvirt's ownership management (set dynamic_ownership
> = 0 in /etc/libvirt/qemu.conf) however this will cause other problems.
> I don't think there is a proper solution to this yet.
>
> Rich.

Richard,

Many thanks for the advice. But it seems I'm hitting another permission issue regarding libguestfs and an LVM image.

The following code snippet is stripped from the OpenStack data injection logic. Running as a non-root user (stack) will report a "guestfs_launch failed" error, and the debug message shows it failed to open the LVM device node.

I've already set up the group permission ('disk' and 'fuse') for the 'stack' user. Could you shed some light on what else I should look into? Thanks!

$ cat test.py
import guestfs
g = guestfs.GuestFS()
g.add_drive_opts("/dev/xenvg/123", format="qcow2")
g.launch()

$ id
uid=501(stack) gid=504(stack) groups=504(stack),6(disk),498(fuse)

$ ll /dev/mapper/xenvg-123
lrwxrwxrwx 1 root root 7 May 31 17:16 /dev/mapper/xenvg-123 -> ../dm-2

$ ll /dev/dm-2
brw-rw---- 1 root disk 253, 2 May 31 18:06 /dev/dm-2

$ python test.py
libguestfs: trace: add_drive_opts "/dev/xenvg/123" "format:qcow2"
libguestfs: trace: add_drive_opts = 0
libguestfs: trace: launch
libguestfs: trace: launch = -1 (error)
Traceback (most recent call last):
  File "test.py", line 4, in <module>
    g.launch()
  File "/usr/lib/python2.6/site-packages/guestfs.py", line 244, in launch
    return libguestfsmod.launch (self._o)
RuntimeError: guestfs_launch failed, see earlier error messages
libguestfs: trace: close

$ export LIBGUESTFS_DEBUG=1
$ python test.py
libguestfs: new guestfs handle 0x26a8250
libguestfs: trace: add_drive_opts "/dev/xenvg/123" "format:qcow2"
libguestfs: trace: add_drive_opts = 0
libguestfs: trace: launch
libguestfs: [00000ms] febootstrap-supermin-helper --verbose -f checksum '/usr/lib64/guestfs/supermin.d' x86_64
supermin helper [00000ms] whitelist = (not specified), host_cpu = x86_64, kernel = (null), initrd = (null), appliance = (null)
supermin helper [00000ms] inputs[0] = /usr/lib64/guestfs/supermin.d
checking modpath /lib/modules/2.6.32-358.6.2.ns8.el6.x86_64 is a directory
picked vmlinuz-2.6.32-358.6.2.ns8.el6.x86_64 because modpath /lib/modules/2.6.32-358.6.2.ns8.el6.x86_64 exists
supermin helper [00000ms] finished creating kernel
supermin helper [00000ms] visiting /usr/lib64/guestfs/supermin.d
supermin helper [00000ms] visiting /usr/lib64/guestfs/supermin.d/base.img
supermin helper [00000ms] visiting /usr/lib64/guestfs/supermin.d/daemon.img
supermin helper [00000ms] visiting /usr/lib64/guestfs/supermin.d/hostfiles
supermin helper [00015ms] visiting /usr/lib64/guestfs/supermin.d/init.img
supermin helper [00015ms] adding kernel modules
supermin helper [00080ms] finished creating appliance
libguestfs: [00083ms] begin testing qemu features
libguestfs: [00097ms] finished testing qemu features
libguestfs: accept_from_daemon: 0x26a8250 g->state = 1
[00098ms] /usr/libexec/qemu-kvm \
    -global virtio-blk-pci.scsi=off \
    -drive file=/dev/xenvg/123,cache=off,format=qcow2,if=virtio \
    -nodefconfig \
    -enable-kvm \
    -nodefaults \
    -nographic \
    -m 500 \
    -no-reboot \
    -device virtio-serial \
    -serial stdio \
    -chardev socket,path=/tmp/libguestfssaaw6T/guestfsd.sock,id=channel0 \
    -device virtserialport,chardev=channel0,name=org.libguestfs.channel.0 \
    -kernel /var/tmp/.guestfs-501/kernel.30285 \
    -initrd /var/tmp/.guestfs-501/initrd.30285 \
    -append 'panic=1 console=ttyS0 udevtimeout=300 no_timer_check acpi=off printk.time=1 cgroup_disable=memory selinux=0 guestfs_verbose=1 TERM=screen-bce ' \
    -drive file=/var/tmp/.guestfs-501/root.30285,snapshot=on,if=virtio,cache=unsafe
qemu-kvm: -drive file=/dev/xenvg/123,cache=off,format=qcow2,if=virtio: could not open disk image /dev/xenvg/123: Invalid argument
libguestfs: child_cleanup: 0x26a8250: child process died
libguestfs: trace: launch = -1 (error)
Traceback (most recent call last):
  File "test.py", line 4, in <module>
    g.launch()
  File "/usr/lib/python2.6/site-packages/guestfs.py", line 244, in launch
    return libguestfsmod.launch (self._o)
RuntimeError: guestfs_launch failed, see earlier error messages
libguestfs: trace: close
libguestfs: closing guestfs handle 0x26a8250 (state 0)

--
Qiu Yu
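Added example (not part of the original thread and not libguestfs or OpenStack code): the manual `id` / `ll` checks from the message above as one Python function that follows the symlink chain to the real device node and reports which permission class (owner, group or other) applies to a given uid and group list, and whether that class grants read and write. The names node_access and demo, and the temporary stand-in file that demo() builds, are assumptions made for this example; only POSIX mode bits are evaluated.

```python
import os
import stat
import sys
import tempfile


def node_access(path, uid, gids):
    """Report how POSIX mode bits on the node behind `path` apply to (uid, gids).

    Symlinks are followed, as in /dev/mapper/xenvg-123 -> ../dm-2.
    ACLs, SELinux and device cgroups are NOT evaluated here.
    """
    real = os.path.realpath(path)
    st = os.stat(real)
    mode = stat.S_IMODE(st.st_mode)
    # The kernel uses exactly one class: owner first, then group, then other.
    if uid == 0:
        cls, bits = "root", 0o6          # root bypasses the mode bits
    elif uid == st.st_uid:
        cls, bits = "owner", mode >> 6
    elif st.st_gid in gids:
        cls, bits = "group", mode >> 3
    else:
        cls, bits = "other", mode
    return {
        "resolved": real,
        "is_block": stat.S_ISBLK(st.st_mode),
        "owner": st.st_uid,
        "group": st.st_gid,
        "mode": "%04o" % mode,
        "class": cls,
        "rw": (bits & 0o6) == 0o6,
    }


def demo(mode=0o660):
    """Constructed stand-in: a regular file plus a symlink, no real LV needed."""
    d = tempfile.mkdtemp()
    target = os.path.join(d, "dm-2")
    open(target, "w").close()
    os.chmod(target, mode)
    link = os.path.join(d, "xenvg-123")
    os.symlink("dm-2", link)
    return link, os.stat(target)


if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else demo()[0]
    print(node_access(path, os.getuid(), os.getgroups() + [os.getgid()]))
```

Run it as the affected user with the device path as the argument (for the post above, /dev/xenvg/123); with no argument it reports on the constructed stand-in.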