libvirt users - Apr 2016 - Re: [libvirt] Libvirtd running as root tries to access oneadmin (OpenNebula) NFS mount but throws: error: can’t canonicalize path

On Tue, Apr 12, 2016 at 03:55:45PM -0400, TomK wrote:
>On 4/12/2016 3:40 PM, Martin Kletzander wrote:
>> [ I would be way easier to reply if you didn't top-post ]
>>
>> On Tue, Apr 12, 2016 at 12:07:50PM -0400, TomK wrote:
>>> On 4/12/2016 11:45 AM, John Ferlan wrote:
>>>> What got my attention was the error message "initializing
FS storage
>>>> file" with the "file:" prefix to the name and
9869:9869 as the uid:gid
>>>> trying to access the file (I assume that's
oneadmin:oneadmin on your
>>>> system).
>>>>
>>
>> I totally missed this.  So the only thing that popped on my mind now
was
>> checking the whole path:
>>
>>  ls -ld /var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
>>
>> You can also run it as root and oneadmin, however after reading through
>> all the info again, I don't think that'll help.
>>
>I top post by default in thunderbird and we have same setup at work with
>M$ LookOut.  Old habits are to blame I guess.  I'll try to reply  like
>this instead.  But yeah it's terrible for mailing lists to top post.
>Here's the output and thanks again:
>
>[oneadmin@mdskvm-p01 ~]$ ls -ld
>/var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
>drwxr-xr-x. 21 root     root       4096 Apr 11 07:10 /var
>drwxr-xr-x. 45 root     root       4096 Apr 12 07:58 /var/lib
>drwxr-x---  12 oneadmin oneadmin   4096 Apr 12 15:50 /var/lib/one
Look ^^, maybe for a quick workaround you could try doing:

  chmod o+rx /var/lib/one

Let me know if that does the trick (at least for now).
>drwxrwxr-x   6 oneadmin oneadmin     46 Mar 31 02:44 /var/lib/one/datastores
>drwxrwxr-x   6 oneadmin oneadmin     42 Apr  5 00:20
>/var/lib/one/datastores/0
>drwxrwxr-x   2 oneadmin oneadmin     68 Apr  5 00:20
>/var/lib/one/datastores/0/38
>-rw-r--r--   1 oneadmin oneadmin 372736 Apr  5 00:20
>/var/lib/one/datastores/0/38/disk.1
>[oneadmin@mdskvm-p01 ~]$
>
>That's the default setting but I think I see what you're getting at
that
>permissions get inherited?
>
No, I just think you need eXecute on all parent directories.  That
shouldn't hinder your security and could help.
>Cheers,
>Tom K.
>-------------------------------------------------------------------------------------
>
>
>Living on earth is expensive, but it includes a free trip around the sun.
>

On Tue, Apr 12, 2016 at 10:29:29PM +0200, Martin Kletzander
wrote:
>On Tue, Apr 12, 2016 at 03:55:45PM -0400, TomK wrote:
>>On 4/12/2016 3:40 PM, Martin Kletzander wrote:
>>> [ I would be way easier to reply if you didn't top-post ]
>>>
>>> On Tue, Apr 12, 2016 at 12:07:50PM -0400, TomK wrote:
>>>> On 4/12/2016 11:45 AM, John Ferlan wrote:
>>>>> What got my attention was the error message
"initializing FS storage
>>>>> file" with the "file:" prefix to the name
and 9869:9869 as the uid:gid
>>>>> trying to access the file (I assume that's
oneadmin:oneadmin on your
>>>>> system).
>>>>>
>>>
>>> I totally missed this.  So the only thing that popped on my mind
now was
>>> checking the whole path:
>>>
>>>  ls -ld /var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
>>>
>>> You can also run it as root and oneadmin, however after reading
through
>>> all the info again, I don't think that'll help.
>>>
>>I top post by default in thunderbird and we have same setup at work with
>>M$ LookOut.  Old habits are to blame I guess.  I'll try to reply 
like
>>this instead.  But yeah it's terrible for mailing lists to top post.
>>Here's the output and thanks again:
>>
>>[oneadmin@mdskvm-p01 ~]$ ls -ld
>>/var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
>>drwxr-xr-x. 21 root     root       4096 Apr 11 07:10 /var
>>drwxr-xr-x. 45 root     root       4096 Apr 12 07:58 /var/lib
>>drwxr-x---  12 oneadmin oneadmin   4096 Apr 12 15:50 /var/lib/one
>
>Look ^^, maybe for a quick workaround you could try doing:
>
>  chmod o+rx /var/lib/one
>
Actually, o+x ought to be enough.
>Let me know if that does the trick (at least for now).
>
>>drwxrwxr-x   6 oneadmin oneadmin     46 Mar 31 02:44
/var/lib/one/datastores
>>drwxrwxr-x   6 oneadmin oneadmin     42 Apr  5 00:20
>>/var/lib/one/datastores/0
>>drwxrwxr-x   2 oneadmin oneadmin     68 Apr  5 00:20
>>/var/lib/one/datastores/0/38
>>-rw-r--r--   1 oneadmin oneadmin 372736 Apr  5 00:20
>>/var/lib/one/datastores/0/38/disk.1
>>[oneadmin@mdskvm-p01 ~]$
>>
>>That's the default setting but I think I see what you're getting
at that
>>permissions get inherited?
>>
>
>No, I just think you need eXecute on all parent directories.  That
>shouldn't hinder your security and could help.
>
>>Cheers,
>>Tom K.
>>-------------------------------------------------------------------------------------
>>
>>
>>Living on earth is expensive, but it includes a free trip around the
sun.
>>

>--
>libvir-list mailing list
>libvir-list@redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list