Ubuntu

Libvirt/kvm permissions/ownership issue on upgrade from Karmic to Lucid

Reported by Charles Curley on 2010-06-29
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
Undecided
Unassigned
Nominated for Lucid by jdobry

Bug Description

I just upgraded my desktop from Kosmic Koala to Lucid Lynx, and
upgraded to the latest. Everything worked fine prior to the upgrade
except some unrelated networking issues. I now find that I cannot
launch any virtual machines using libvirt/qemu/kvm and
libvirt-manager.

If I try to launch a VM having only a CD-ROM image for bulk storage, I
get:

 File "/usr/share/virt-manager/virtManager/engine.py", line 588, in
 run_domain
    vm.startup()
  File "/usr/share/virt-manager/virtManager/domain.py", line 150, in
 startup
    self._backend.create()
  File "/usr/lib/python2.6/dist-packages/libvirt.py", line 300, in
 create
    if ret == -1: raise libvirtError ('virDomainCreate() failed',
 dom=self)
libvirtError: internal error unable to start guest: libvir: QEMU
error : cannot set ownership
on /var/lib/libvirt/images/finnix-93.0.iso: Permission denied

This is a known bug: https://bugzilla.redhat.com/show_bug.cgi?id=517304

(I don't see any comparable bug in launchpad.)

If I try to launch a VM with only a virtual hard drive, I get:

 File "/usr/share/virt-manager/virtManager/engine.py", line 588, in
 run_domain vm.startup()
  File "/usr/share/virt-manager/virtManager/domain.py", line 150, in
 startup self._backend.create()
  File "/usr/lib/python2.6/dist-packages/libvirt.py", line 300, in
 create if ret == -1: raise libvirtError ('virDomainCreate() failed',
 dom=self) libvirtError: internal error unable to start guest: libvir:
 QEMU error : cannot change to '126' group: Operation not permitted

# grep 126 /etc/group /etc/passwd
/etc/group:kvm:x:126:
/etc/passwd:libvirt-qemu:x:120:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false

Versions:
# pre libvirt kvm qemu
libvirt-bin 0.7.5-5ubuntu27 amd64
libvirt0 0.7.5-5ubuntu27 amd64
python-libvirt 0.7.5-5ubuntu27 amd64
qemu-common 0.12.3+noroms-0ubuntu9 all
qemu-kvm 0.12.3+noroms-0ubuntu9 amd64
# lsb_release -rd
Description: Ubuntu 10.04 LTS
Release: 10.04
# uname -a
Linux dzur 2.6.32-22-generic #36-Ubuntu SMP Thu Jun 3 19:31:57 UTC 2010 x86_64 GNU/Linux
# cat /proc/version_signature
Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libvirt-bin 0.7.5-5ubuntu27
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic x86_64
Architecture: amd64
Date: Tue Jun 29 12:24:47 2010
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: libvirt

Charles Curley (charlescurley) wrote :
Thierry Carrez (ttx) wrote :

Are you part of the libvirtd group ?
In doubt: just paste the output of "grep libvirtd /etc/group"

Changed in libvirt (Ubuntu):
status: New → Incomplete

On Wed, 30 Jun 2010 08:56:07 -0000
Thierry Carrez <email address hidden> wrote:

> Are you part of the libvirtd group ?
> In doubt: just paste the output of "grep libvirtd /etc/group"

Yes.

root@dzur:~# grep libvirtd /etc/group
libvirtd:x:127:ccurley

However, everything is owned by root:root, and libvirtd runs as root:

root@dzur:~# ps aux | grep libvirtd | grep -v grep
root 6804 0.1 0.1 221764 5768 ? Sl Jun29
1:04 /usr/sbin/libvirtd -d

root@dzur:/var/lib/libvirt/images# ll finnix-93.0.iso
-rw-rw-rw- 1 root root 126629888 2010-01-21 09:22 finnix-93.0.iso

--

Charles Curley /"\ ASCII Ribbon Campaign
Looking for fine software \ / Respect for open standards
and/or writing? X No HTML/RTF in email
http://www.charlescurley.com / \ No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB

OK, I found a solution, likely the right one. After the upgrade, I found a new file, /etc/libvirt/qemu.conf.dpkg-dist. After diffing it against qemu.conf, I copied the following two stanzas from the upgrade file to the configuration file:

# The user ID for QEMU processes run by the system instance
#user = "libvirt-qemu"
user = "root"

# The group ID for QEMU processes run by the system instance
#group = "kvm"
group = "root"

I don't know why I missed it during the upgrade. If enough other folks have this problem, it might be worth investigating.

Thierry, I'm not sure I can change the status of this to "fixed"; if not would you please do so?

Thanks.

Charles Curley (charlescurley) wrote :

Oh, after copying those two stanzas, I restarted the daemon:

service libvirt-bin stop
service libvirt-bin start

----------------------------------

I'm not sure that this is the best solution. The libvirt folks apparently decided that qemu should run as a non-root user, and that is in general safer. The best solution would be to provide a way for users to convert their systems so that they can run qemu as that user.

But this will do for a work-around.

summary: - Libvirt/kvm permissions/ownership issue on upgrade from Kosmic to Lucid
+ Libvirt/kvm permissions/ownership issue on upgrade from Karmic to Lucid
Thierry Carrez (ttx) on 2010-07-02
Changed in libvirt (Ubuntu):
status: Incomplete → Fix Released

Tired of losing money in the stock market.
Last year our penny stock picks cashed in over 570% combined!
Check out the number 1 penny stock newsletter online.

Totally Free Newsletter.

--->>> www.awesomebeststocksnow.com

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers