[Pkg-libvirt-maintainers] Bug#781283: libvirt-bin: Permission denied with 9p file system

Thu Mar 26 21:17:11 UTC 2015

Package: libvirt-bin
Version: 0.9.12.3-1+deb7u1
Severity: normal

Operating inside a wheezy VM with fstab including
SASInstaller    /mnt/SASInstaller   9p  trans=virtio,version=9p2000.L 0 0
SASUnzip        /mnt/SASUnzip   9p  trans=virtio,version=9p2000.L 0 0
and libvirt setup with, e.g.,
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/mnt/SASInstaller'/>
      <target dir='SASInstaller'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x0a'
function='0x0'/>
    </filesystem>
Using KVM.

I get lots of "Permission Denied" errors both when listing directory
contents and when trying to do anything, such as creating a file.
E.g.,

ross at markov02:/mnt/SASUnzip$ cp ../SASInstaller/*txt sid_files/
cp: cannot create regular file
`sid_files/SAS94_9B1RJ4_70081229_Win_X64_Wrkstn.txt': Permission
denied

It seems that operations are not allowed unless root on the host has
explicit permission to do the operation, even if I am user "ross" on
both host and VM (same uid also).  Being root on the guest doesn't
help.

One oddity is that the the ability of ls to list the files attributes
seems to depend on read access to the file, not to the directory in
which the file resides.  Here's an example, as root from the guest:
<terminal>
root at markov02:/mnt/SASInstaller# ls -l
ls: cannot access lost+found: Permission denied
ls: cannot access Linux64-L25415-8384TMP.zip: Permission denied
ls: cannot access Windows64-L25415-5264TMP.zip: Permission denied
total 16
-????????? ? ?    ?       ?            ? Linux64-L25415-8384TMP.zip
d????????? ? ?    ?       ?            ? lost+found
-rw-r--r-- 1 ross ross 5581 Mar 25 14:39
SAS94_9B1RJ4_70081229_Win_X64_Wrkstn.txt
-rw-r--r-- 1 ross ross 5417 Mar 26 10:41 SAS94_9B1RJ4_70081487_LINUX_X86-64.txt
-????????? ? ?    ?       ?            ? Windows64-L25415-5264TMP.zip
root at markov02:/mnt/SASInstaller# ls -ld .
drwxr-xr-x 3 ross root 4096 Mar 26 10:41 .
root at markov02:/mnt/SASInstaller# # changed first file to allow reads
from everyone
root at markov02:/mnt/SASInstaller# date; ls -l
Thu Mar 26 12:16:51 PDT 2015
ls: cannot access lost+found: Permission denied
ls: cannot access Windows64-L25415-5264TMP.zip: Permission denied
total 18215208
-rw-r--r-- 1 ross ross 18652350572 Jan  9 16:50 Linux64-L25415-8384TMP.zip
d????????? ? ?    ?              ?            ? lost+found
-rw-r--r-- 1 ross ross        5581 Mar 25 14:39
SAS94_9B1RJ4_70081229_Win_X64_Wrkstn.txt
-rw-r--r-- 1 ross ross        5417 Mar 26 10:41
SAS94_9B1RJ4_70081487_LINUX_X86-64.txt
-????????? ? ?    ?              ?            ? Windows64-L25415-5264TMP.zip
</terminal>

There are tons of reports like this on the internet, blaming various
components: apparmor (esp for Ubuntu), selinux, the kernel (3.5 was
mentioned as buggy), libvirt.  I'm not sure where the problem lies; it
doesn't seem apparmor or selinux are active for me (host and guest are
pretty vanilla).

Expected behavior: that the 9p mount should behave exactly the same as
the underlying file system.  This include root on guest being root on
host, though I can see there might be reasons to avoid this.

Ross Boylan

-- System Information:
Debian Release: 7.8
-- System Information:
Debian Release: 7.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libvirt-bin depends on:
ii  adduser             3.113+rb3
ii  gettext-base        0.18.1.1-9
ii  libblkid1           2.20.1-5.3
ii  libc6               2.13-38+deb7u8
ii  libcap-ng0          0.6.6-2
ii  libdbus-1-3         1.6.8-1+deb7u6
ii  libdevmapper1.02.1  2:1.02.74-8
ii  libgcrypt11         1.5.0-5+deb7u3
ii  libgnutls26         2.12.20-8+deb7u3
ii  libnetcf1           0.1.9-2
ii  libnl1              1.1-7
ii  libnuma1            2.0.8~rc4-1
ii  libparted0debian1   2.3-12
ii  libpcap0.8          1.3.0-1
ii  libpciaccess0       0.13.1-2
ii  libreadline6        6.2+dfsg-0.1
ii  libsasl2-2          2.1.25.dfsg1-6+deb7u1
ii  libudev0            175-7.2
ii  libvirt0            0.9.12.3-1+deb7u1
ii  libxml2             2.8.0+dfsg1-7+wheezy3
ii  libyajl2            2.0.4-2
ii  logrotate           3.8.1-4

Versions of packages libvirt-bin recommends:
ii  bridge-utils    1.5-6
ii  dmidecode       2.11-9
ii  dnsmasq-base    2.62-3+deb7u1
ii  ebtables        2.0.10.4-1
ii  gawk            1:4.0.1+dfsg-2.1
ii  iproute         20120521-3+b3
ii  iptables        1.4.14-3.1
ii  libxml2-utils   2.8.0+dfsg1-7+wheezy3
ii  netcat-openbsd  1.105-7
ii  parted          2.3-12
ii  qemu            1.1.2+dfsg-6a+deb7u6
ii  qemu-kvm        1.1.2+dfsg-6+deb7u6

Versions of packages libvirt-bin suggests:
ii  policykit-1  0.105-3
ii  radvd        1:1.8.5-1

-- Configuration Files:
/etc/libvirt/qemu.conf [Errno 13] Permission denied: u'/etc/libvirt/qemu.conf'
[qemu.conf is comments only]