Permission denied when using vfio with interface pools
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libvirt (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
I have a network configured like this (/etc/libvirt/
<network>
<name>en4</name>
<uuid>
<forward mode='hostdev' managed='yes'>
<pf dev='eno4'/>
</forward>
</network>
If I use this network in a qemu VM like this:
<interface type='network'>
<mac address=
<source network='en4'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x09' function='0x0'/>
</interface>
I get an error like this when trying to start it using virsh:
qemu-system-
However, as soon as I pass any device through (e.g. a <hostdev> instead of <interface>), the permission error goes away.
So to me, it looks like when <interface> is using a network that uses a hostdev, libvirt does not set the proper permissions to allow qemu to access the vfio.
---
Description: Ubuntu 18.04.3 LTS
Release: 18.04
libvirt-daemon:
Installed: 4.0.0-1ubuntu8.12
Candidate: 4.0.0-1ubuntu8.12
| Christian Ehrhardt (paelzer) wrote | #1 |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in libvirt (Ubuntu): | |
| status: | New → Confirmed |
Hi,
this is a dup to bug 1677398.
The TL;DR is that in some guest description libvirt doesn't know (at the right time and place) what the device will be. Due to that it can't render the per-guest apparmor rules correctly for this extra device.
In a similar fashion bug 1775777 had issues with late additions of vfio devices.
The solution for now is that an admin has to opt-in and allow e.g.
/dev/vfio/* rw,
For all guests by setting that in
/etc/
or better as it isn't overwritten (conffile conflict) on upgrades
/etc/