[Pkg-libvirt-maintainers] Bug#843940: Bug#843940: libvirt-daemon: "Permission denied" errors in VMM/virt-manager when dynamic_ownership=0

J Mo jmomo at jmomo.net
Sat Nov 12 01:39:20 UTC 2016 


On 11/11/2016 10:48 AM, Guido Günther wrote:
> As far as I understand your report you're disabling the feature you
> want: having libvirt fixup permissions. If you disable it you have (or
> virt-manager) to do that.
>
> There might be a bug in virt-manager where it should take more care of
> adjusting permissions but it's hard to figure that out from your
> report. You don't give virt-manager-versions, file permissions, etc or
> what you did to get it to work.



The feature of libvirt to dynamically take ownership of files is 
confounding, bizarre, and obviously poorly thought out. I'm not alone in 
this opinion. A huge number of bugs and complaints have been filed about 
this issue, yet it remains:

https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/691590
https://www.redhat.com/archives/libvir-list/2011-September/msg00458.html

https://www.redhat.com/archives/libvirt-users/2010-January/msg00010.html
https://www.redhat.com/archives/libvirt-users/2010-January/msg00023.html

https://unix.stackexchange.com/questions/110357/prevent-libvirtd-from-modifying-file-attributes



All of these complaints were the reason the "dynamic_ownership" 
configuration option was apparently created in the first place.

The real source of our problems here is that libvirt changes the 
ownership of files outside of it's own directories, even when it doesn't 
need to do so. Libvirt has no justification to take user:group ownership 
of .iso files when it already has read access to them.

The workaround for this is to set dynamic_ownership=0. Unfortunately, 
that seems to be breaking the creation of new VMs, as my bug documents.



Just to be clear, my lack of information regarding details was an 
indication that defaults are being used: I have made no 
permission/ownership changes to anything in libvirt/qemu/et-cetera. I 
have made no configuration changes other than setting 
dynamic_ownership=0. This is a very new and default libvirt/virt-manager 
setup.

Reproducing this issue is as easy as my original report documents: Set 
dynamic_ownership=0 and create a new VM with a disk image.



When I have dynamic_ownership=0, and I create a new VM with libvirt and 
instruct it to create a new .qcow2 disk, it creates a new file in 
/var/lib/libvirt/images/

Unfortunately, the file remains owned by root:root, and libvirt fails to 
chown it:

[/var/lib/libvirt]
user at hostname-->sudo ls -alh --color images/
total 74G
drwx--x--x 2 root         root         4.0K Nov 11 17:18 .
drwxr-xr-x 6 root         root         4.0K Sep 23 19:10 ..
-rw------- 1 libvirt-qemu libvirt-qemu  41G Nov 10 18:03 
Debian_unstable.qcow2
-rw------- 1 root         root          21G Nov 11 17:18 generic.qcow2
-rw------- 1 libvirt-qemu libvirt-qemu  21G Nov 11 17:17 linuxmint-18.qcow2
-rw------- 1 libvirt-qemu libvirt-qemu  21G Oct  7 20:18 openSUSE.qcow2
-rw------- 1 libvirt-qemu libvirt-qemu 101G Oct  7 20:18 ubuntu14.04.qcow2



If I manually fix the ownership of the file, the VM then can start and 
works properly:

[/var/lib/libvirt]
user at hostname-->sudo chown libvirt-qemu:libvirt-qemu images/generic.qcow2



Thus, I'm put in the position where I either have to manually fix the 
ownership of all the .iso images that libvirt wrongly and unjustifiably 
takes ownership of, or I have to manually fix the ownership of the 
.qcow2 files. One way or the other, something is broken.

More information about the Pkg-libvirt-maintainers mailing list