Ubuntu
kvm package

Unable to create VM when .iso file is stored on external USB drive

Bug #801098 reported by Louis Bouchard
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kvm (Ubuntu)
Opinion
Undecided
Unassigned

Bug Description

When using the following virt-install command, the installation fails with a "Permission denied" trying to access the ubuntu-10.10-server-amd64.iso file stored on an external USB drive :

/usr/bin/virt-install --connect qemu:///system \
                        --name MaverickS \
                        --ram 1024 \
                        --disk path=/var/lib/libvirt/images/MaverickS.img,size=8 \
                        --disk path=/media/Maxtor/ISO/ubuntu-10.10-server-amd64.iso,device=cdrom \
                        --os-type linux \
                        --os-variant ubuntumaverick \
                        --accelerate \
                        --network network=default \
                        --arch x86_64 \
                        --vcpus 2 \
                        --vnc \
                        --debug

The mountpoint /media/Maxtor is a USB drive which is mounted automatically when powered on.

When mounting the drive manually, the creation of the VM succeeds :

$ mount | grep Maxtor
/dev/sdb1 on /media/Maxtor type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096,default_permissions)
$ sudo umount /media/Maxtor
$ sudo mount /dev/sdb1 /mnt
$ mount | grep sdb
/dev/sdb1 on /mnt type fuseblk (rw,nosuid,nodev,allow_other,blksize=4096)

The virt-install has been run both time in debug mode and log files are attached for both sessions.

Revision history for this message
Louis Bouchard (louis) wrote :
Revision history for this message
Louis Bouchard (louis) wrote :
Revision history for this message
James Page (james-page) wrote :

Hi Louis

Thank you for taking the time to report this bug and helping to make Ubuntu better.

Assuming that you are running on maverick+ the issue with kvm not being able to access the .iso image on your external hard drive is due to the fact that by default the kvm processes that virt-install/libvirt starts run as 'libvirt-qemu'; when your hard drive automounts it does it in user space which means that only your account can do anything on the drive - including reading data which blocks libvirt/kvm access to the iso images.

When you unmount the drive and re-mount it as root it gets a different set of permissions which means that the libvirt-qemu account can access the .iso images.

You could work around this by changing the settings in /etc/libvirt/qemu.conf so that the kvm processes run as root; however you do need to consider the security implications of this (it normally runs as libvirt-qemu for good reasons).

I'm going to mark this ticket as 'Invalid' as I believe this is the expected behaviour for removable drives.

Changed in kvm (Ubuntu):
status: New → Invalid
Revision history for this message
James Page (james-page) wrote :

Discussed with Louis via IRC - setting to 'Opinion' as this does represent a bit of a conflict between the security features in libvirt/kvm and the use of user space mounts.

Changed in kvm (Ubuntu):
status: Invalid → Opinion
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.