Ubuntu
libvirt package

Libvirt/kvm permissions/ownership issue on upgrade from Karmic to Lucid

Bug #599910 reported by Charles Curley
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
Fix Released
Undecided
Unassigned
Nominated for Lucid by jdobry

Bug Description

I just upgraded my desktop from Kosmic Koala to Lucid Lynx, and
upgraded to the latest. Everything worked fine prior to the upgrade
except some unrelated networking issues. I now find that I cannot
launch any virtual machines using libvirt/qemu/kvm and
libvirt-manager.

If I try to launch a VM having only a CD-ROM image for bulk storage, I
get:

 File "/usr/share/virt-manager/virtManager/engine.py", line 588, in
 run_domain
    vm.startup()
  File "/usr/share/virt-manager/virtManager/domain.py", line 150, in
 startup
    self._backend.create()
  File "/usr/lib/python2.6/dist-packages/libvirt.py", line 300, in
 create
    if ret == -1: raise libvirtError ('virDomainCreate() failed',
 dom=self)
libvirtError: internal error unable to start guest: libvir: QEMU
error : cannot set ownership
on /var/lib/libvirt/images/finnix-93.0.iso: Permission denied

This is a known bug: https://bugzilla.redhat.com/show_bug.cgi?id=517304

(I don't see any comparable bug in launchpad.)

If I try to launch a VM with only a virtual hard drive, I get:

 File "/usr/share/virt-manager/virtManager/engine.py", line 588, in
 run_domain vm.startup()
  File "/usr/share/virt-manager/virtManager/domain.py", line 150, in
 startup self._backend.create()
  File "/usr/lib/python2.6/dist-packages/libvirt.py", line 300, in
 create if ret == -1: raise libvirtError ('virDomainCreate() failed',
 dom=self) libvirtError: internal error unable to start guest: libvir:
 QEMU error : cannot change to '126' group: Operation not permitted

# grep 126 /etc/group /etc/passwd
/etc/group:kvm:x:126:
/etc/passwd:libvirt-qemu:x:120:126:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false

Versions:
# pre libvirt kvm qemu
libvirt-bin 0.7.5-5ubuntu27 amd64
libvirt0 0.7.5-5ubuntu27 amd64
python-libvirt 0.7.5-5ubuntu27 amd64
qemu-common 0.12.3+noroms-0ubuntu9 all
qemu-kvm 0.12.3+noroms-0ubuntu9 amd64
# lsb_release -rd
Description: Ubuntu 10.04 LTS
Release: 10.04
# uname -a
Linux dzur 2.6.32-22-generic #36-Ubuntu SMP Thu Jun 3 19:31:57 UTC 2010 x86_64 GNU/Linux
# cat /proc/version_signature
Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2

ProblemType: Bug
DistroRelease: Ubuntu 10.04
Package: libvirt-bin 0.7.5-5ubuntu27
ProcVersionSignature: Ubuntu 2.6.32-22.36-generic 2.6.32.11+drm33.2
Uname: Linux 2.6.32-22-generic x86_64
Architecture: amd64
Date: Tue Jun 29 12:24:47 2010
ProcEnviron:
 PATH=(custom, user)
 LANG=en_US.utf8
 SHELL=/bin/bash
SourcePackage: libvirt

Revision history for this message
Charles Curley (charlescurley) wrote :
Revision history for this message
Thierry Carrez (ttx) wrote :

Are you part of the libvirtd group ?
In doubt: just paste the output of "grep libvirtd /etc/group"

Changed in libvirt (Ubuntu):
status: New → Incomplete
Revision history for this message
Charles Curley (charlescurley) wrote : Re: [Bug 599910] Re: Libvirt/kvm permissions/ownership issue on upgrade from Kosmic to Lucid

On Wed, 30 Jun 2010 08:56:07 -0000
Thierry Carrez <email address hidden> wrote:

> Are you part of the libvirtd group ?
> In doubt: just paste the output of "grep libvirtd /etc/group"

Yes.

root@dzur:~# grep libvirtd /etc/group
libvirtd:x:127:ccurley

However, everything is owned by root:root, and libvirtd runs as root:

root@dzur:~# ps aux | grep libvirtd | grep -v grep
root 6804 0.1 0.1 221764 5768 ? Sl Jun29
1:04 /usr/sbin/libvirtd -d

root@dzur:/var/lib/libvirt/images# ll finnix-93.0.iso
-rw-rw-rw- 1 root root 126629888 2010-01-21 09:22 finnix-93.0.iso

--

Charles Curley /"\ ASCII Ribbon Campaign
Looking for fine software \ / Respect for open standards
and/or writing? X No HTML/RTF in email
http://www.charlescurley.com / \ No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB

Revision history for this message
Charles Curley (charlescurley) wrote : Re: Libvirt/kvm permissions/ownership issue on upgrade from Kosmic to Lucid

OK, I found a solution, likely the right one. After the upgrade, I found a new file, /etc/libvirt/qemu.conf.dpkg-dist. After diffing it against qemu.conf, I copied the following two stanzas from the upgrade file to the configuration file:

# The user ID for QEMU processes run by the system instance
#user = "libvirt-qemu"
user = "root"

# The group ID for QEMU processes run by the system instance
#group = "kvm"
group = "root"

I don't know why I missed it during the upgrade. If enough other folks have this problem, it might be worth investigating.

Thierry, I'm not sure I can change the status of this to "fixed"; if not would you please do so?

Thanks.

Revision history for this message
Charles Curley (charlescurley) wrote :

Oh, after copying those two stanzas, I restarted the daemon:

service libvirt-bin stop
service libvirt-bin start

----------------------------------

I'm not sure that this is the best solution. The libvirt folks apparently decided that qemu should run as a non-root user, and that is in general safer. The best solution would be to provide a way for users to convert their systems so that they can run qemu as that user.

But this will do for a work-around.

Dustin Kirkland  (kirkland)
summary: - Libvirt/kvm permissions/ownership issue on upgrade from Kosmic to Lucid
+ Libvirt/kvm permissions/ownership issue on upgrade from Karmic to Lucid
Thierry Carrez (ttx)
Changed in libvirt (Ubuntu):
status: Incomplete → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.