Guan Qiang
2013-Jul-16 05:29 UTC
Re: [libvirt-users] Hotplug of disk devices in LXC failed with libvirt of version 1.0.2
于 2013/7/15 17:32, Gao feng 写道:> On 07/15/2013 05:18 PM, hzguanqiang wrote: >> Hi, Gao Feng >> >> I've tried what you said, but still exists the problem: >> >> ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb >> error: Failed to attach disk >> error: Unable to create device /proc/10366/root/dev/sdb: Permission denied >> >> I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key. >> But anyway, thanks for your help! >> > Do you have <idmap> configured for your lxc domain? > I just posted a patchset to fix the problem that failed to create device when user namespace enabled. > > BTW, does it work well if you directly write the configuration to the xml of lxc domain? > > ThanksHi, Gao feng, I tried to write the configuration in the xml as you said, and it works. And I didn't set <idmap> configure for my lxc domain. The xml content of my lxc domain is just as following: <domain type='lxc' id='13071'> <name>instance-0000002b</name> <uuid>cf76c280-ac9c-44a6-94e3-237b46a7a68b</uuid> <memory unit='KiB'>2097152</memory> <currentMemory unit='KiB'>2097152</currentMemory> <vcpu placement='static'>1</vcpu> <os> <type arch='x86_64'>exe</type> <init>/sbin/init</init> <cmdline>console=tty0 console=ttyS0</cmdline> </os> <clock offset='utc'/> <on_poweroff>destroy</on_poweroff> <on_reboot>restart</on_reboot> <on_crash>destroy</on_crash> <devices> <emulator>/usr/lib/libvirt/libvirt_lxc</emulator> <filesystem type='mount' accessmode='passthrough'> <source dir='/opt/stack/data/nova/instances/cf76c280-ac9c-44a6-94e3-237b46a7a68b/rootfs'/> <target dir='/'/> </filesystem> <interface type='bridge'> <mac address='fa:16:3e:7a:1b:c8'/> <source bridge='br100'/> <target dev='veth0'/> <filterref filter='nova-instance-instance-0000002b-fa163e7a1bc8'/> </interface> <console type='pty' tty='/dev/pts/2'> <source path='/dev/pts/2'/> <target type='lxc' port='0'/> <alias name='console0'/> </console> </devices> <seclabel type='none'/> </domain> I still don't understand why I can't hotplug attach disk device for the lxc domain. Expect more detailed answer, Thanks!
Gao feng
2013-Jul-17 08:15 UTC
Re: [libvirt-users] Hotplug of disk devices in LXC failed with libvirt of version 1.0.2
On 07/16/2013 01:29 PM, Guan Qiang wrote:> 于 2013/7/15 17:32, Gao feng 写道: >> On 07/15/2013 05:18 PM, hzguanqiang wrote: >>> Hi, Gao Feng >>> >>> I've tried what you said, but still exists the problem: >>> >>> ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb >>> error: Failed to attach disk >>> error: Unable to create device /proc/10366/root/dev/sdb: Permission denied >>> >>> I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key. >>> But anyway, thanks for your help! >>> >> Do you have <idmap> configured for your lxc domain? >> I just posted a patchset to fix the problem that failed to create device when user namespace enabled. >> >> BTW, does it work well if you directly write the configuration to the xml of lxc domain? >> >> Thanks > Hi, Gao feng, > > I tried to write the configuration in the xml as you said, and it works. > > And I didn't set <idmap> configure for my lxc domain. The xml content of my lxc domain is just as following: >...> I still don't understand why I can't hotplug attach disk device for the lxc domain. > Expect more detailed answer, Thanks! >it's because apparmor deny libvirt to create device node under directory /proc/10366/root/dev/. I don't know if this will help you, you can have a try. change the apparmor profile of libvirtd. check the /etc/apparmor.d/usr.sbin.libvirtd, and add /proc/ rw. Thanks!
Gao feng
2013-Jul-17 09:47 UTC
Re: [libvirt-users] Hotplug of disk devices in LXC failed with libvirt of version 1.0.2
On 07/17/2013 04:15 PM, Gao feng wrote:> On 07/16/2013 01:29 PM, Guan Qiang wrote: >> 于 2013/7/15 17:32, Gao feng 写道: >>> On 07/15/2013 05:18 PM, hzguanqiang wrote: >>>> Hi, Gao Feng >>>> >>>> I've tried what you said, but still exists the problem: >>>> >>>> ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb >>>> error: Failed to attach disk >>>> error: Unable to create device /proc/10366/root/dev/sdb: Permission denied >>>> >>>> I think finding what it means by saying 'Unable to create device /proc/10366/root/dev/sdb: Permission denied' is the key. >>>> But anyway, thanks for your help! >>>> >>> Do you have <idmap> configured for your lxc domain? >>> I just posted a patchset to fix the problem that failed to create device when user namespace enabled. >>> >>> BTW, does it work well if you directly write the configuration to the xml of lxc domain? >>> >>> Thanks >> Hi, Gao feng, >> >> I tried to write the configuration in the xml as you said, and it works. >> >> And I didn't set <idmap> configure for my lxc domain. The xml content of my lxc domain is just as following: >> > ... >> I still don't understand why I can't hotplug attach disk device for the lxc domain. >> Expect more detailed answer, Thanks! >> > > it's because apparmor deny libvirt to create device node under directory /proc/10366/root/dev/. > > I don't know if this will help you, you can have a try. > > change the apparmor profile of libvirtd. check the /etc/apparmor.d/usr.sbin.libvirtd, > and add /proc/ rw.ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/ & /etc/init.d/apparmor restart should work, but libvirtd will run out of apparmor's control.
Apparently Analagous Threads
- Re: Hotplug of disk devices in LXC failed with libvirt of version 1.0.2
- Re: Hotplug of disk devices in LXC failed with libvirt of version 1.0.2
- Re: Hotplug of disk devices in LXC failed with libvirt of version 1.0.2
- Hotplug of disk devices in LXC failed with libvirt of version 1.0.2
- Re: Problem about lxc-enter-namespace interface