libvirt users - Aug 2016 - Re: Libvirt: dynamic ownership did not work

Hi,
I have a very strange problem with libvirt. I work on some machines 
with libvirt (Debian/ Arch Linux) and libvirt set the ownership of 
images file automatically to the qemu user / group for example on Arch 
Linux to nobody:kvm.
So when I copy an image file with root and use I then with qemu, 
libvirt change the owner/ group to nobody:kvm.

But I also compiled libvirt for a machine (gcc 4.9.4 glibc 2.12) and on 
 this machine libvirt did not change the ownership of the image files 
which results in this error:

libvirtError: internal error: process exited while connecting to 
monitor: able-ticketing,seamless-migration=on -device 
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,bus=pci.0,addr=0x2
-device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device 
hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev 
spicevmc,id=charredir0,name=usbredir -device 
usb-redir,chardev=charredir0,id=redir0 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on
2016-08-03T18:19:47.494512Z qemu-system-x86_64: -drive 
file=/data/hdd1/libvirt/images/test.img,format=raw,if=none,id=drive-virtio-disk0:
Could not open '/data/hdd1/libvirt/images/test.img': Permission denied

When I set the ownership manually to nobody:kvm everything is fine, but 
I could not work out why libvirt is unable to set the ownership 
automatically.

Can anybody give me a hint where I could search further to work out the 
problem?

My libvirt version is 1.3.3.2 and the settings dynamic_ownership = 1 in 
/etc/libvirt/qemu.conf is set.

I also created a bug report where I described the problem a little bit 
more detailed.

https://bugzilla.redhat.com/show_bug.cgi?id=1363864

Thanks for every help.

Regards Jonatan
​

On 03.08.2016 21:17, Jonatan Schlag wrote:
> Hi,
> I have a very strange problem with libvirt. I work on some machines with
> libvirt (Debian/ Arch Linux) and libvirt set the ownership of images
> file automatically to the qemu user / group for example on Arch Linux to
> nobody:kvm.
> So when I copy an image file with root and use I then with qemu, libvirt
> change the owner/ group to nobody:kvm.
> 
> But I also compiled libvirt for a machine (gcc 4.9.4 glibc 2.12) and on
> this machine libvirt did not change the ownership of the image files
> which results in this error:
> 
> libvirtError: internal error: process exited while connecting to
> monitor: able-ticketing,seamless-migration=on -device
>
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,bus=pci.0,addr=0x2
> -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device
> hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev
> spicevmc,id=charredir0,name=usbredir -device
> usb-redir,chardev=charredir0,id=redir0 -device
> virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on
> 2016-08-03T18:19:47.494512Z qemu-system-x86_64: -drive
>
file=/data/hdd1/libvirt/images/test.img,format=raw,if=none,id=drive-virtio-disk0:
> Could not open '/data/hdd1/libvirt/images/test.img': Permission
denied
Can you please share the debug logs?

http://wiki.libvirt.org/page/DebugLogs

Also, my initial suspect, before diving any deeper is that usually, when
users compile libvirt on their own, they forget to set the correct
prefix, therefore libvirt is looking for its config files NOT under
/etc/libvirt but /usr/local/etc/ or whatever.

BTW: is the daemon running under root?

Michal

Am Do, 4. Aug, 2016 um 11:32 schrieb Michal Privoznik 
<mprivozn@redhat.com>:
> On 03.08.2016 21:17, Jonatan Schlag wrote:
>>  Hi,
>>  I have a very strange problem with libvirt. I work on some machines 
>> with
>>  libvirt (Debian/ Arch Linux) and libvirt set the ownership of images
>>  file automatically to the qemu user / group for example on Arch 
>> Linux to
>>  nobody:kvm.
>>  So when I copy an image file with root and use I then with qemu, 
>> libvirt
>>  change the owner/ group to nobody:kvm.
>> 
>>  But I also compiled libvirt for a machine (gcc 4.9.4 glibc 2.12) 
>> and on
>>  this machine libvirt did not change the ownership of the image files
>>  which results in this error:
>> 
>>  libvirtError: internal error: process exited while connecting to
>>  monitor: able-ticketing,seamless-migration=on -device
>>  
>>
qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vram64_size_mb=0,vgamem_mb=16,bus=pci.0,addr=0x2
>>  -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device
>>  hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev
>>  spicevmc,id=charredir0,name=usbredir -device
>>  usb-redir,chardev=charredir0,id=redir0 -device
>>  virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on
>>  2016-08-03T18:19:47.494512Z qemu-system-x86_64: -drive
>>  
>>
file=/data/hdd1/libvirt/images/test.img,format=raw,if=none,id=drive-virtio-disk0:
>>  Could not open '/data/hdd1/libvirt/images/test.img':
Permission
>> denied
> 
> Can you please share the debug logs?
> 
> http://wiki.libvirt.org/page/DebugLogs
> 
> Also, my initial suspect, before diving any deeper is that usually, 
> when
> users compile libvirt on their own, they forget to set the correct
> prefix, therefore libvirt is looking for its config files NOT under
> /etc/libvirt but /usr/local/etc/ or whatever.
> 
> BTW: is the daemon running under root?
> 
> Michal
Hi,

The daemon runs under root.

I uploaded the debug logs to:

http://people.ipfire.org/~jschlag/1363864/1_libvirtd.log

The UID of the user nobody is 99, the GID of the group kvm is 1011.

I added my configure options to the bug report.

Following the log the ownership is changed but why is the file still 
owned by root:root?

Regards Jonatan