libguestfs launch image failed in ubuntu

I had following settings when I want to enable inject feature in nova.
[libvirt]
inject_partition = -1
inject_key = True

But nova-compute service will raise following exception
2015-10-20 07:12:57.318 ERROR nova.virt.libvirt.driver [req-777e2fe1-a4f0-4c16-bb71-ee34e59aa2ba admin admin] [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] Error injecting data into image 865c98b5-ffd7-4f32-b1af-07b273fcc07d (libguestfs installed but not usable (/usr/bin/supermin-helper exited with error status 1.
To see full error messages you may need to enable debugging.
See http://libguestfs.org/guestfs-faq.1.html#debugging-libguestfs))
2015-10-20 07:12:57.319 ERROR nova.compute.manager [req-777e2fe1-a4f0-4c16-bb71-ee34e59aa2ba admin admin] [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] Instance failed to spawn
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] Traceback (most recent call last):
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/opt/stack/nova/nova/compute/manager.py", line 2172, in _build_resources
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] yield resources
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/opt/stack/nova/nova/compute/manager.py", line 2019, in _build_and_run_instance
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] block_device_info=block_device_info)
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 2437, in spawn
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] admin_pass=admin_password)
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 2969, in _create_image
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] instance, network_info, admin_pass, files, suffix)
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 2778, in _inject_data
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] instance=instance)
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/usr/local/lib/python2.7/dist-packages/oslo_utils/excutils.py", line 195, in __exit__
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] six.reraise(self.type_, self.value, self.tb)
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/opt/stack/nova/nova/virt/libvirt/driver.py", line 2772, in _inject_data
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] mandatory=('files',))
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/opt/stack/nova/nova/virt/disk/api.py", line 414, in inject_data
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] fs = vfs.VFS.instance_for_image(image, partition)
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/opt/stack/nova/nova/virt/disk/vfs/api.py", line 62, in instance_for_image
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] vfs.inspect_capabilities()
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] File "/opt/stack/nova/nova/virt/disk/vfs/guestfs.py", line 89, in inspect_capabilities
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] _("libguestfs installed but not usable (%s)") % e)
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] NovaException: libguestfs installed but not usable (/usr/bin/supermin-helper exited with error status 1.
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] To see full error messages you may need to enable debugging.
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] See http://libguestfs.org/guestfs-faq.1.html#debugging-libguestfs)
2015-10-20 07:12:57.319 TRACE nova.compute.manager [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb]
2015-10-20 07:12:57.322 INFO nova.compute.manager [req-777e2fe1-a4f0-4c16-bb71-ee34e59aa2ba admin admin] [instance: b2d39549-96d5-42c6-bdab-a0cee10b24bb] Terminating instance

Why guestfs will inspect capabilities fail?
Because of host's kernel only allow root user had read/write permission.
If compute-service didn't had read permission then it will launch image fail.
In libguestfs offical FAQ site had point out this issue, following is the link
http://libguestfs.org/guestfs-faq.1.html#binaries
It had suggested users to change host's kernel permission.

You can also check result by guestfish command:
> export LIBGUESTFS_DEBUG=1
> export LIBGUESTFS_TRACE=1
> guestfish -a /dev/null
<fs> launch
...
...
/usr/bin/supermin-helper: open: /boot/vmlinuz-3.13.0-55-generic: Permission denied
libguestfs: error: /usr/bin/supermin-helper exited with error status 1, see debug messages above
...
...

We can have three way to resolve this problem.
1. Open service in root permission
2. Change kernel's permission in compute-service
3. Check whether service had permission to read kernel. Suggest users to modify permission instead directly modify permission. Then users need to manually change kernel's permission.

We shouldn't open service in root permission, therefore first way shouldn't been accepted.
It will probably have security issue if service can directly change file's permission.
At last, I prefer third way.
Because of this issue will only happen in ubuntu os and previous reasons.

libguestfs-tools 1:1.24.5-1