similar to: Disable certain VMs from being launched

libvirt doesn't have a concept of "session qemu" for root: https://bugzilla.redhat.com/show_bug.cgi?id=890291 When a libguestfs-using process runs as root, and libvirt runs a qemu subprocess, the qemu subprocess is run as a non-root user (typically qemu.qemu). This causes various problems, for example if we try to open a file which is readable by root but unreadable by qemu.qemu

thanks Richard, The experiment was indeed done with nested VM enabled. I am not sure about the internals, but i thought once overlay is setup the 2 main processes are sshd and qemu-img convert (reading data from sshd and doing the conversion) I don't see any of the qemu process running. Initial overlay setup was pretty quick and rest of the time was spent in qemu-img convert operation Suresh

On Tue, Jul 14, 2020 at 6:03 PM Daniel P. Berrangé <berrange@redhat.com> wrote: > On Tue, Jul 14, 2020 at 04:02:17PM +0300, Ram Lavi wrote: > > On Tue, Jul 14, 2020 at 3:33 PM Daniel P. Berrangé <berrange@redhat.com> > > wrote: > > > > > On Tue, Jul 14, 2020 at 03:21:17PM +0300, Ram Lavi wrote: > > > > Hello all, > > > > > >

I eliminated software-bridge( using iperf3 bandwidth/latency on the host and guest was almost the same) and disk write(using qemu-img convert src dest file both on the host and guestvm was comprable) being the issue. Next I profiled both sshd and qemu-img during the conversion phase using bpftools (profile and tcptop) and this is what i see. Time (min) File Size (KB) sshd RX (KB) tcptop

Hi, I'm trying to create a clone of a physical Window VM using p2v. My goal is to create a cloning tools VM that has libguestfs tools installed and acts as the convertor. VM conversion works just fine but the conversion rate is significantly slow(1/3) when running inside the VM compared to when the v2v is run on the same bare-metal host. On the host:

On 09/20/2018 12:31 PM, Milan Zamazal wrote: > Michal Prívozník <mprivozn@redhat.com> writes: > >> On 09/19/2018 12:39 PM, Milan Zamazal wrote: >>> Hi, I'm playing with dynamic ownership and not all objects have their >>> owners changed. >> >>> >>> Is dynamic_ownership and its scope documented somewhere, besides the >>>

On Wed, Mar 20, 2019 at 15:48:43 -0500, Eric Blake wrote: > On 3/20/19 1:50 PM, Mircea Husz wrote: > > I scripted the creation of snapshots and it works fine. Now I'd like to run the script as non-root. > > > > virsh snapshot-create-as --domain hq-live-v01 \ > >      --name snappy \ > >      --diskspec

On Wed, Jan 13, 2016 at 04:25:14PM +0100, Martin Kletzander wrote: > For each of the kernels, libvirt labels them (with both DAC and selinux > labels), then proceeds to launching qemu. If this is done parallel, the > race is pretty obvious. Could you remind me why you couldn't use > <seclabel model='none'/> or <seclabel relabel='no'/> or something that

On 04.08.2016 20:28, Jonatan Schlag wrote: > > >> Then the other option that comes to my mind is a race with somebody else >> on the system. You can attach gdb to the daemon and set breakpoint to >> virSecurityDACSetOwnershipInternal(). In the arguments you should see >> the path eventually among with uid:gid. >> >> BTW: what's the domain XML? >

libvirt version: 3.4.0 architecture: x86_64 ubuntu16.04-server hypervisor: kvm,qemu When migrate vm, I encounter error: "Migrate VM virt21 failed unsupported configuration: Unable to find security driver for model apparmor" but two host are same environment.before this error, migrate can be success. the source host seclabel configure is this : <seclabel type='dynamic'

On 08/19/2013 01:51 PM, Cristian Ciupitu wrote: > Hi, > > I'm installing the operating system for my virtual machines from CD > images and I would like for libvirtd to stop relabeling the > corresponding files. Since the installation media is no big secret, I > have labeled the files with system_u:object_r:public_content_t:s0, but > libvirtd keeps changing them to

On Thu, Jan 14, 2016 at 10:51:47AM +0100, Jiri Denemark wrote: > On Wed, Jan 13, 2016 at 16:25:14 +0100, Martin Kletzander wrote: > > On Wed, Jan 13, 2016 at 10:18:42AM +0000, Richard W.M. Jones wrote: > > >As people may know, we frequently encounter errors caused by libvirt > > >when running the libguestfs appliance. > > > > > >I wanted to find out

On Wed, Jan 13, 2016 at 10:18:42AM +0000, Richard W.M. Jones wrote: >As people may know, we frequently encounter errors caused by libvirt >when running the libguestfs appliance. > >I wanted to find out exactly how frequently these happen and classify >the errors, so I ran the 'virt-df' tool overnight 1700 times. This >tool runs several parallel qemu:///session libvirt

Previously we had assumed that when running as root, libvirt would always run qemu as a non-root user (eg. qemu.qemu), unless you modify a global configuration file (/etc/libvirt/qemu.conf). It turns out there is a little-known feature to make libvirt run qemu as root without modifying any configuration files. We have to add a <seclabel/> element to the appliance XML: <seclabel

On Wed, Jan 13, 2016 at 16:25:14 +0100, Martin Kletzander wrote: > On Wed, Jan 13, 2016 at 10:18:42AM +0000, Richard W.M. Jones wrote: > >As people may know, we frequently encounter errors caused by libvirt > >when running the libguestfs appliance. > > > >I wanted to find out exactly how frequently these happen and classify > >the errors, so I ran the

On 01/14/2016 05:12 AM, Daniel P. Berrange wrote: > On Thu, Jan 14, 2016 at 10:51:47AM +0100, Jiri Denemark wrote: >> On Wed, Jan 13, 2016 at 16:25:14 +0100, Martin Kletzander wrote: >>> On Wed, Jan 13, 2016 at 10:18:42AM +0000, Richard W.M. Jones wrote: >>>> As people may know, we frequently encounter errors caused by libvirt >>>> when running the

----- Original Message ----- > From: Martin Kletzander <mkletzan@redhat.com> > To: Cristian Ciupitu <cristian.ciupitu@yahoo.com> > Cc: Eric Blake <eblake@redhat.com>; libvirt-users <libvirt-users@redhat.com> > Sent: Tuesday, August 20, 2013 6:05 PM > Subject: Re: [libvirt-users] Stop the relabeling of CD images > > On 08/20/2013 04:19 AM, Cristian

Hello list, my name is Matteo, i'm new on that list. I'm working on a multitenancy platform with linux containers through libvirt on a production system with Red Hat 6.4. Every container run a separate instance of OpenSSH and Apache HTTPd and I need to give root privileges to the developers and I try to configure SELinux using svirt and MCS. I try the secmodel type dynamic and static in

On Thu, Oct 31, 2013 at 04:32:45PM +0100, Matteo Piccinini wrote: > Hello list, > > my name is Matteo, i'm new on that list. > I'm working on a multitenancy platform with linux containers through libvirt on a production system with Red Hat 6.4. > Every container run a separate instance of OpenSSH and Apache HTTPd and I need to give root privileges to the developers and I

[moderator note: I'm forwarding a stripped down version of the original mail which was rejected in the moderator queue. I stripped the 3.3 megabyte .tar.bz2 of the log file attachment, which is inappropriate for a technical list. Either trim the log to the relevant portion, or host the log externally and have your list email merely give a URL of the externally-hosted file] >