When I upgraded from Artful Aardvark to Bionic Beaver, I couldn't run KVM virtual machines that were running fine previously.
I fixed it by adding the libvirtd group manually and adding myself to it.
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libvirt-daemon-system 4.0.0-1ubuntu8
ProcVersionSignature: Ubuntu 4.15.0-20.21-generic 4.15.17
Uname: Linux 4.15.0-20-generic x86_64
ApportVersion: 2.20.9-0ubuntu7
Architecture: amd64
CurrentDesktop: ubuntu:GNOME
Date: Sat May 5 03:16:32 2018
InstallationDate: Installed on 2017-07-13 (295 days ago)
InstallationMedia: Ubuntu 17.04 "Zesty Zapus" - Release amd64 (20170412)
SourcePackage: libvirt
UpgradeStatus: Upgraded to bionic on 2018-04-28 (6 days ago)
modified.conffile..etc.libvirt.nwfilter.allow-arp.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-arp.xml']
modified.conffile..etc.libvirt.nwfilter.allow-dhcp-server.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-dhcp-server.xml']
modified.conffile..etc.libvirt.nwfilter.allow-dhcp.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-dhcp.xml']
modified.conffile..etc.libvirt.nwfilter.allow-incoming-ipv4.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-incoming-ipv4.xml']
modified.conffile..etc.libvirt.nwfilter.allow-ipv4.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-ipv4.xml']
modified.conffile..etc.libvirt.nwfilter.clean-traffic.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/clean-traffic.xml']
modified.conffile..etc.libvirt.nwfilter.no-arp-ip-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-arp-mac-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-arp-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-arp-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-ip-multicast.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-ip-multicast.xml']
modified.conffile..etc.libvirt.nwfilter.no-ip-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-ip-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-mac-broadcast.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-mac-broadcast.xml']
modified.conffile..etc.libvirt.nwfilter.no-mac-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-mac-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-other-l2-traffic.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-other-l2-traffic.xml']
modified.conffile..etc.libvirt.nwfilter.no-other-rarp-traffic.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-other-rarp-traffic.xml']
modified.conffile..etc.libvirt.nwfilter.qemu-announce-self-rarp.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml']
modified.conffile..etc.libvirt.nwfilter.qemu-announce-self.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/qemu-announce-self.xml']
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf']
modified.conffile..etc.libvirt.qemu.networks.default.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu/networks/default.xml']
Hi Nur,
that is odd the handling is as following.
In the past there was a group libvirtd - new packaging in Debian and Ubuntu renamed that to libvirt but the install handles that.
In case of a new install you would have those groups for libvirt: x:132:paelzer qemu:x: 64055:libvirt- qemu
libvirt:
libvirt-
But if you are on an upgrade form an older version to properly work with old filed created under the old user you'd get: x:132:paelzer x:132:paelzer qemu:x: 64055:libvirt- qemu
libvirtd:
libvirt:
libvirt-
The GID is the same, and therefore both names are essentially the same group.
The snippet for that is in libvirt- daemon- system. postinst and I don't see yet how that would "remove" the libvirtd group.
gid= `getent group libvirtd | getent group libvirtd | cut -d: -f3`
groupadd --system --non-unique --gid "$gid" libvirt
addgroup --quiet --system libvirt
if ! getent group libvirt >/dev/null; then
if getent group libvirtd >/dev/null; then
else
fi
fi
This is this way since yakkety (16.10) and so far was not an issue.
So the behavior should be:
- new installs since >=Yakkety, you have just group "libvirt"
- upgrade <=Xenial have libvirtd, and you get libvirtd AND libvirt on the same GID
Nur, could you please outline:
- what exact the error was that made your system need the libvirtd group?
- a scenario how you'd ever have had a libvirtd group given that you Started with 17.04 after the changes I referred to?
If this is a 3rd party automation/script you'd have to adapt to the new group name for new installs. As mentioned upgrades will be handled - but all of this is true since >=16.10.
Waiting for your reply ...