Comment 43 for bug 691590

Christian Ehrhardt (paelzer) wrote:

As I was asked to verify behavior on non-xattr systems as well, I used one mounted like:
  /dev/nvme0n1p3 on /var/lib/uvtool/libvirt/images type ext4 (rw,relatime,nouser_xattr)

We see that even that isn't a showstopper as it is user_attrs and libvirtd runs as root.
# getfattr -d -m . /var/lib/uvtool/libvirt/images/focal.qcow
getfattr: Removing leading '/' from absolute path names
# file: var/lib/uvtool/libvirt/images/focal.qcow
trusted.libvirt.security.dac="+0:+100"
trusted.libvirt.security.ref_dac="1"
trusted.libvirt.security.timestamp_dac="1593600755"

I also used an ext2, which might support fewer attributes:
  /dev/nvme0n1p3 on /var/lib/uvtool/libvirt/images type ext2 (rw,relatime,nouser_xattr)

But that still can store the xattr.

We don't build kernels without xattr to force it that way.

So finally I took a FS that can't do ownerships well in general.
/dev/nvme0n1p3 on /var/lib/uvtool/libvirt/images type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)

But that isn't able to be used (permission errors) if not at the right group right away:
-rwxr-xr-x 1 root root 245104640 Jul 16 11:11 /var/lib/uvtool/libvirt/images/focal.qcow*
root@node-horsea:~# virsh start focal
error: Failed to start domain focal
error: internal error: process exited while connecting to monitor: 2020-07-16T11:48:55.976986Z qemu-system-x86_64: -blockdev {"node-name":"libvirt-2-format","read-only":false,"driver":"qcow2","file":"libvirt-2-storage","backing":"libvirt-3-format"}: Could not reopen file: Permission denied

id libvirt-qemu
uid=64055(libvirt-qemu) gid=115(kvm) groups=115(kvm),117(libvirt),64055(libvirt-qemu)

Mounted as the required user we can use it, and it is not changing IDs in any way (while running on a non-xattr FS):
/dev/nvme0n1p3 on /var/lib/uvtool/libvirt/images type vfat (rw,relatime,uid=64055,gid=115,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)

root@node-horsea:~# ll /var/lib/uvtool/libvirt/images/focal.qcow
-rwxr-xr-x 1 libvirt-qemu kvm 245104640 Jul 16 11:11 /var/lib/uvtool/libvirt/images/focal.qcow*
root@node-horsea:~# virsh start focal
Domain focal started

root@node-horsea:~# ll /var/lib/uvtool/libvirt/images/focal.qcow
-rwxr-xr-x 1 libvirt-qemu kvm 245104640 Jul 16 11:51 /var/lib/uvtool/libvirt/images/focal.qcow*
root@node-horsea:~# virsh shutdown focal
Domain focal is being shutdown

root@node-horsea:~# ll /var/lib/uvtool/libvirt/images/focal.qcow
-rwxr-xr-x 1 libvirt-qemu kvm 246546432 Jul 16 11:52 /var/lib/uvtool/libvirt/images/focal.qcow*

I think that covers all combinations that come to mind, excluding those only available in non-Ubuntu kernels.