Peter Dimitrov
2018-Nov-02 16:04 UTC
[Libguestfs] guestfs_launch() fails when C application is started as a systemd service
Hello,

I have a simple C program that uses libguestfs to extract info about disk usage from a libvirt domain. It works when run manually as root, but fails when started as a systemd service.

I'm attaching the service file, source code and verbose logs from both the successful manual run and from the service journal.

SELinux is disabled.

Error messages:
libguestfs: set_socket_create_context: getcon failed: (none): Invalid argument [you can ignore this message if you are not using SELinux + sVirt]
libguestfs: clear_socket_create_context: setsockcreatecon failed: NULL: Invalid argument [you can ignore this message if you are not using SELinux + sVirt]
libguestfs: error: chown: /tmp/libguestfsvMMaec/guestfsd.sock: Operation not permitted
libguestfs: clear_socket_create_context: setsockcreatecon failed: NULL: Invalid argument [you can ignore this message if you are not using SELinux + sVirt]
libguestfs: trace: launch = -1 (error)
failed to launch domain: Invalid argument

(Note on the service file: CapabilityBoundingSet is for future development - it seems to make no difference)

Best Regards,
Peter
Richard W.M. Jones
2018-Nov-02 19:47 UTC
Re: [Libguestfs] guestfs_launch() fails when C application is started as a systemd service
On Fri, Nov 02, 2018 at 06:04:08PM +0200, Peter Dimitrov wrote:
> Hello,
>
> I have a simple C program that uses libguestfs to extract info about disk
> usage from a libvirt domain. It works when run manually as root, but fails
> when started as a systemd service.
>
> I'm attaching the service file, source code and verbose logs from both the
> successful manual run and from the service journal.
>
> SELinux is disabled.
>
> Error messages:
> libguestfs: set_socket_create_context: getcon failed: (none): Invalid
> argument [you can ignore this message if you are not using SELinux + sVirt]
> libguestfs: clear_socket_create_context: setsockcreatecon failed: NULL:
> Invalid argument [you can ignore this message if you are not using SELinux
> + sVirt]
> libguestfs: error: chown: /tmp/libguestfsvMMaec/guestfsd.sock: Operation
> not permitted
> libguestfs: clear_socket_create_context: setsockcreatecon failed: NULL:
> Invalid argument [you can ignore this message if you are not using SELinux
> + sVirt]
> libguestfs: trace: launch = -1 (error)
> failed to launch domain: Invalid argument

I cannot see what the problem is immediately, but I guess that systemd is confining the service in such a way that libvirt has problems.

Firstly I would try using the direct backend:

export LIBGUESTFS_BACKEND=direct

If it's still not fixed, then it's something to do with systemd confining affecting qemu.

If that fixes it, then it's a problem with libvirt, and you will need to find the libvirt log file. Usually that's in /var/log/libvirt/qemu/guestfs-*.log or in $HOME/.cache/libvirt/qemu/log/guestfs-*.log But I've no idea where it will end up when you're running everything under systemd.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
Peter Dimitrov
2018-Nov-07 10:32 UTC
Re: [Libguestfs] guestfs_launch() fails when C application is started as a systemd service
Thank you, Rich,

This was the issue indeed. export LIBGUESTFS_BACKEND=direct fixed it.

The next step I tried was to integrate libguestfs in collectd virt plugin to collect this data automatically. In this case I'm having an unknown error in add_libvirt_dom() (same with add_domain) when it's invoking qemu-img to create overlay image. There is no difference between manual and service execution. I tried setting LIBGUESTFS_BACKEND to direct, libvirt, libvirt:qemu:///session with no success. Also tried using a different tmp dir just in case - nothing.

Maybe something is wrong with how collectd runs its plugins (dynamic linking)? Invoking virt-df from collectd's plugin gives the same error message. I tried running the same qemu-img command from collectd and it passes though! Confusing...

Do you have any hints what to try?

Here is the complete output from collectd:

[2018-11-07 12:21:54] plugin_load: plugin "logfile" successfully loaded.
[2018-11-07 12:21:54] plugin_load: plugin "syslog" successfully loaded.
Before guestfs_create()
UID: 0 Effective UID: 0
Before guestfs_set_verbose()
Before guestfs_set_trace()
Before guestfs_add_domain()
libguestfs: trace: add_domain "wer" "readonly:true"
libguestfs: opening libvirt handle: URI = NULL, auth = default+wrapper, flags = 0
libguestfs: successfully opened libvirt handle: conn = 0x7f7e70005210
libguestfs: trace: add_libvirt_dom (virDomainPtr)0x7f7e70005fa0 "readonly:true"
libguestfs: original domain XML:\n<domain type='kvm' id='9'>\n <name>wer</name>\n <uuid>03fde334-92a5-4e5e-9247-924c9d40230f</uuid>\n <memory unit='KiB'>2097152</memory>\n <currentMemory unit='KiB'>2097152</currentMemory>\n <vcpu placement='static'>1</vcpu>\n <resource>\n <partition>/machine</partition>\n </resource>\n <os>\n <type arch='x86_64' machine='pc-i440fx-2.7'>hvm</type>\n <bootmenu enable='yes'/>\n </os>\n <features>\n <acpi/>\n <apic/>\n <vmport state='off'/>\n </features>\n <cpu mode='custom' match='exact'>\n <model fallback='allow'>Westmere</model>\n </cpu>\n <clock offset='utc'>\n <timer name='rtc' tickpolicy='catchup'/>\n <timer name='pit' tickpolicy='delay'/>\n <timer name='hpet' present='no'/>\n </clock>\n <on_poweroff>destroy</on_poweroff>\n <on_reboot>restart</on_reboot>\n <on_crash>destroy</on_crash>\n <pm>\n <suspend-to-mem enabled='no'/>\n <suspend-to-disk enabled='no'/>\n </pm>\n <devices>\n <emulator>/usr/bin/qemu-kvm</emulator>\n <disk type='file' device='disk'>\n <driver name='qemu' type='qcow2'/>\n <source file='/home/peterd/TVE/wer.qcow2'/>\n <backingStore/>\n <target dev='sda' bus='sata'/>\n <boot order='1'/>\n <alias name='sata0-0-0'/>\n <address type='drive' controller='0' bus='0' target='0' unit='0'/>\n </disk>\n <disk type='file' device='disk'>\n <driver name='qemu' type='qcow2'/>\n <source file='/var/lib/libvirt/images/wer.qcow2'/>\n <backingStore/>\n <target dev='sdb' bus='sata'/>\n <alias name='sata0-0-1'/>\n <address type='drive' controller='0' bus='0' target='0' unit='1'/>\n </disk>\n <disk type='file' device='cdrom'>\n <driver name='qemu' type='raw'/>\n <source file='/home/peterd/boot_new.iso'/>\n <backingStore/>\n <target dev='hda' bus='ide'/>\n <readonly/>\n <boot order='2'/>\n <alias name='ide0-0-0'/>\n <address type='drive' controller='0' bus='0' target='0' unit='0'/>\n </disk>\n <controller type='usb' index='0' model='ich9-ehci1'>\n <alias name='usb'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x7'/>\n </controller>\n <controller type='usb' index='0' model='ich9-uhci1'>\n <alias name='usb'/>\n <master startport='0'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0' multifunction='on'/>\n </controller>\n <controller type='usb' index='0' model='ich9-uhci2'>\n <alias name='usb'/>\n <master startport='2'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x1'/>\n </controller>\n <controller type='usb' index='0' model='ich9-uhci3'>\n <alias name='usb'/>\n <master startport='4'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x2'/>\n </controller>\n <controller type='ide' index='0'>\n <alias name='ide'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>\n </controller>\n <controller type='sata' index='0'>\n <alias name='sata0'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>\n </controller>\n <controller type='virtio-serial' index='0'>\n <alias name='virtio-serial0'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>\n </controller>\n <controller type='scsi' index='0' model='virtio-scsi'>\n <alias name='scsi0'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>\n </controller>\n <controller type='pci' index='0' model='pci-root'>\n <alias name='pci.0'/>\n </controller>\n <interface type='direct'>\n <mac address='52:54:00:2c:7a:bf'/>\n <source dev='macvlan0' mode='bridge'/>\n <target dev='macvtap0'/>\n <model type='e1000'/>\n <alias name='net0'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>\n </interface>\n <serial type='pty'>\n <source path='/dev/pts/8'/>\n <target port='0'/>\n <alias name='serial0'/>\n </serial>\n <console type='pty' tty='/dev/pts/8'>\n <source path='/dev/pts/8'/>\n <target type='serial' port='0'/>\n <alias name='serial0'/>\n </console>\n <channel type='spicevmc'>\n <target type='virtio' name='com.redhat.spice.0' state='disconnected'/>\n <alias name='channel0'/>\n <address type='virtio-serial' controller='0' bus='0' port='1'/>\n </channel>\n <input type='mouse' bus='ps2'>\n <alias name='input0'/>\n </input>\n <input type='keyboard' bus='ps2'>\n <alias name='input1'/>\n </input>\n <graphics type='spice' port='5900' autoport='yes' listen='127.0.0.1'>\n <listen type='address' address='127.0.0.1'/>\n <image compression='off'/>\n </graphics>\n <sound model='ich6'>\n <alias name='sound0'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>\n </sound>\n <video>\n <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>\n <alias name='video0'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>\n </video>\n <redirdev bus='usb' type='spicevmc'>\n <alias name='redir0'/>\n <address type='usb' bus='0' port='1'/>\n </redirdev>\n <redirdev bus='usb' type='spicevmc'>\n <alias name='redir1'/>\n <address type='usb' bus='0' port='2'/>\n </redirdev>\n <memballoon model='virtio'>\n <alias name='balloon0'/>\n <address type='pci' domain='0x0000' bus='0x00' slot='0x08' function='0x0'/>\n </memballoon>\n </devices>\n <seclabel type='none' model='none'/>\n <seclabel type='dynamic' model='dac' relabel='yes'>\n <label>+0:+0</label>\n <imagelabel>+0:+0</imagelabel>\n </seclabel>\n</domain>\n
libguestfs: trace: clear_backend_setting "internal_libvirt_norelabel_disks"
libguestfs: trace: clear_backend_setting = 0
libguestfs: disk[0]: filename: /home/peterd/TVE/wer.qcow2
libguestfs: trace: add_drive "/home/peterd/TVE/wer.qcow2" "readonly:true" "format:qcow2"
libguestfs: creating COW overlay to protect original drive content
libguestfs: trace: get_tmpdir
libguestfs: trace: get_tmpdir = "/tmp"
libguestfs: trace: disk_create "/tmp/libguestfsUIZbDK/overlay1.qcow2" "qcow2" -1 "backingfile:/home/peterd/TVE/wer.qcow2" "backingformat:qcow2"
libguestfs: command: run: qemu-img
libguestfs: command: run: \ create
libguestfs: command: run: \ -f qcow2
libguestfs: command: run: \ -o backing_file=/home/peterd/TVE/wer.qcow2,backing_fmt=qcow2
libguestfs: command: run: \ /tmp/libguestfsUIZbDK/overlay1.qcow2
Formatting '/tmp/libguestfsUIZbDK/overlay1.qcow2', fmt=qcow2 size=107374182400 backing_file=/home/peterd/TVE/wer.qcow2 backing_fmt=qcow2 encryption=off cluster_size=65536 lazy_refcounts=off refcount_bits=16
libguestfs: error: command: waitpid: No child processes
libguestfs: error: qemu-img: /tmp/libguestfsUIZbDK/overlay1.qcow2: qemu-img exited for an unknown reason (status -1), see debug messages above
libguestfs: trace: disk_create = -1 (error)
libguestfs: trace: add_drive = -1 (error)
libguestfs: trace: add_libvirt_dom = -1 (error)
libguestfs: trace: add_domain = -1 (error)
libguestfs: trace: close
libguestfs: closing guestfs handle 0x7f7e700049f0 (state 0)
libguestfs: command: run: rm
libguestfs: command: run: \ -rf /tmp/libguestfsUIZbDK
libguestfs: error: command: waitpid: No child processes

Best Regards,
Peter

On Fri, Nov 2, 2018 at 9:48 PM Richard W.M. Jones <rjones@redhat.com> wrote:
> On Fri, Nov 02, 2018 at 06:04:08PM +0200, Peter Dimitrov wrote:
> > Hello,
> >
> > I have a simple C program that uses libguestfs to extract info about disk
> > usage from a libvirt domain. It works when run manually as root, but fails
> > when started as a systemd service.
> >
> > I'm attaching the service file, source code and verbose logs from both the
> > successful manual run and from the service journal.
> >
> > SELinux is disabled.
> >
> > Error messages:
> > libguestfs: set_socket_create_context: getcon failed: (none): Invalid
> > argument [you can ignore this message if you are not using SELinux + sVirt]
> > libguestfs: clear_socket_create_context: setsockcreatecon failed: NULL:
> > Invalid argument [you can ignore this message if you are not using SELinux
> > + sVirt]
> > libguestfs: error: chown: /tmp/libguestfsvMMaec/guestfsd.sock: Operation
> > not permitted
> > libguestfs: clear_socket_create_context: setsockcreatecon failed: NULL:
> > Invalid argument [you can ignore this message if you are not using SELinux
> > + sVirt]
> > libguestfs: trace: launch = -1 (error)
> > failed to launch domain: Invalid argument
>
> I cannot see what the problem is immediately, but I guess that systemd
> is confining the service in such a way that libvirt has problems.
>
> Firstly I would try using the direct backend:
>
> export LIBGUESTFS_BACKEND=direct
>
> If it's still not fixed, then it's something to do with systemd
> confining affecting qemu.
>
> If that fixes it, then it's a problem with libvirt, and you will need
> to find the libvirt log file. Usually that's in
> /var/log/libvirt/qemu/guestfs-*.log or in
> $HOME/.cache/libvirt/qemu/log/guestfs-*.log But I've no idea where it
> will end up when you're running everything under systemd.
>
> Rich.
>
> --
> Richard Jones, Virtualization Group, Red Hat
> http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> virt-p2v converts physical machines to virtual machines. Boot with a
> live CD or over the network (PXE) and turn machines into KVM guests.
> http://libguestfs.org/virt-v2v
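
Added example, not part of the thread and not libguestfs or collectd code: the "waitpid: No child processes" message in the log above is the ECHILD error, and one condition that produces it for a helper command that ran to completion is a parent process whose SIGCHLD disposition is SIG_IGN. Whether collectd sets that disposition is an assumption here, not something the thread establishes; the function names below are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fork a child that exits with `code` (a stand-in for a helper such as
 * qemu-img), then reap it with waitpid() as a library running commands would.
 * Returns the child's exit code, or -errno if waitpid() itself fails. */
static int run_child_and_wait(int code)
{
    int status;
    pid_t pid = fork();
    if (pid == -1)
        return -errno;
    if (pid == 0)
        _exit(code);                 /* child: the "command" succeeds or fails here */
    pid_t r;
    do {
        r = waitpid(pid, &status, 0);
    } while (r == -1 && errno == EINTR);
    if (r == -1)
        return -errno;               /* exit status was lost, not a command failure */
    return WIFEXITED(status) ? WEXITSTATUS(status) : -EINVAL;
}

/* Assumed scenario: the hosting daemon chose `disposition` for SIGCHLD before
 * the library ran. The previous disposition is restored afterwards. */
int wait_result_with_sigchld(void (*disposition)(int), int code)
{
    struct sigaction sa, old;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = disposition;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGCHLD, &sa, &old) == -1)
        return -errno;
    int r = run_child_and_wait(code);
    sigaction(SIGCHLD, &old, NULL);
    return r;
}

int main(void)
{
    int bad = wait_result_with_sigchld(SIG_IGN, 0);
    printf("SIGCHLD default: result %d\n", wait_result_with_sigchld(SIG_DFL, 0));
    printf("SIGCHLD ignored: result %d (%s)\n", bad, strerror(-bad));
    return 0;
}
```

On Linux, the SigIgn field in /proc/<pid>/status shows which signals a running process currently ignores.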