[one-users] libvirt not allowing access to /dev/kvm

Michael Brown michael at netdirect.ca
Wed Feb 8 10:53:36 PST 2012


I think I've finally nailed the root cause of my troubles. I posted this
on http://serverfault.com/q/358118/2101 but you guys may be able to
answer with more authority:

I have a fresh Open Nebula 3.2.1 installation which I'm trying to get
working and manage some freshly-installed Debian Squeeze KVM hosts.

My problem is that when Open Nebula deploys VMs the KVM process does not
have access to the /dev/kvm device on the host.

I've set up everything according to documentation:
root at onhost1:~# ls -al /dev/kvm
crw-rw---- 1 root kvm 10, 232 Feb 8 11:24 /dev/kvm

root at onhost1:~# id oneadmin
uid=500(oneadmin) gid=500(oneadmin) groups=500(oneadmin),106(kvm),108(libvirt)

libvirt/qemu.conf has:
user = "oneadmin"
group = "oneadmin"

When libvirt creates VMs they do not have any of the secondary groups
set so the process doesn't have access to /dev/kvm via file permissions.
OK, fair enough, though the Open Nebula documentation seems to indicate
it should be set up this way.

I've tried mounting cgroups to try and resolve this problem. After I do
so, the kvm process has the following cgroup entry:

1:devices,cpu:/libvirt/qemu/one-29

corresponding to:

/dev/cgroup/libvirt/qemu/one-29/devices.list:c 10:232 rwm

My lack of understanding of how cgroups work indicates to me that this
ought to allow the process to access /dev/kvm, but no go.

I can make things work by adding an ACL entry (setfacl -m u:oneadmin:rw
/dev/kvm) but that doesn't Seem Right. Shouldn't Open Nebula/libvirt be
handling this?

* What are the Correct Changes to make?
* Should the documentation be changed?
* Have I missed something?


-- 
Michael Brown               | `One of the main causes of the fall of
Systems Consultant          | the Roman Empire was that, lacking zero,
Net Direct Inc.             | they had no way to indicate successful
☎: +1 519 883 1172 x5106    | termination of their C programs.' - Firth
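
Editor's note: the following is an added example, not code from the poster, OpenNebula or libvirt. It models the two independent gates a QEMU process must pass to open /dev/kvm, using constructed input shaped like the `ls -al`, `id` and `devices.list` output quoted above: the classic owner/group/other check (extended with a named-user ACL entry, ACL mask assumed permissive), and the cgroup `devices` whitelist. The cgroup controller can only take access away; a `c 10:232 rwm` entry never grants what the file mode denies, so a process running as `oneadmin` without the `kvm` supplementary group fails regardless of the cgroup. The `diagnose()` scenarios (process launched with supplementary groups dropped, with the `kvm` group present, and after `setfacl -m u:oneadmin:rw /dev/kvm`) are assumptions based on the post, not measurements.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample data, shaped like the command output quoted in the post.
LS_LINE = "crw-rw---- 1 root kvm 10, 232 Feb 8 11:24 /dev/kvm"
DEVICES_LIST = "c 10:232 rwm"   # contents of .../libvirt/qemu/one-29/devices.list


@dataclass
class DeviceNode:
    owner: str
    group: str
    perms: str                      # nine-character mode string, e.g. "rw-rw----"
    major: int
    minor: int
    acl_users: Dict[str, str] = field(default_factory=dict)  # named-user ACL entries


def parse_ls_line(line: str) -> DeviceNode:
    """Parse one `ls -l` line for a character device (a trailing '+' marks an ACL)."""
    m = re.match(
        r"^c(?P<perms>[rwxsStT-]{9})[+.]?\s+\d+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
        r"(?P<major>\d+),\s*(?P<minor>\d+)\s",
        line,
    )
    if not m:
        raise ValueError(f"not a character-device ls line: {line!r}")
    return DeviceNode(m["owner"], m["group"], m["perms"], int(m["major"]), int(m["minor"]))


def dac_allows(dev: DeviceNode, user: str, groups: List[str], want: str) -> bool:
    """Discretionary access check. Exactly one class applies, in this order:
    owner, named-user ACL entry, owning group, other. Group membership is
    only consulted if the process actually carries that group id."""
    if user == dev.owner:
        granted = dev.perms[0:3]
    elif user in dev.acl_users:
        granted = dev.acl_users[user]
    elif dev.group in groups:
        granted = dev.perms[3:6]
    else:
        granted = dev.perms[6:9]
    return all(bit in granted for bit in want)


def cgroup_allows(devices_list: str, major: int, minor: int, want: str) -> bool:
    """devices.list is a whitelist: some entry must match the node type ('c' or
    'a' for all), the major/minor ('*' is a wildcard) and every requested access."""
    for line in devices_list.splitlines():
        line = line.strip()
        if not line:
            continue
        typ, majmin, access = line.split()
        maj, mnr = majmin.split(":")
        if typ not in ("c", "a"):
            continue
        if maj != "*" and int(maj) != major:
            continue
        if mnr != "*" and int(mnr) != minor:
            continue
        if all(bit in access for bit in want):
            return True
    return False


def can_open(dev: DeviceNode, user: str, groups: List[str], devices_list: str, want: str = "rw") -> bool:
    """Both gates must pass; the cgroup can restrict but never grant."""
    return dac_allows(dev, user, groups, want) and cgroup_allows(devices_list, dev.major, dev.minor, want)


def diagnose() -> Dict[str, bool]:
    """Three assumed scenarios mirroring the post; the cgroup entry is identical in all of them."""
    dev = parse_ls_line(LS_LINE)
    # libvirt starts qemu as oneadmin with supplementary groups dropped (as the post describes).
    as_launched = can_open(dev, "oneadmin", ["oneadmin"], DEVICES_LIST)
    # The group list an interactive `id oneadmin` shows.
    with_kvm_group = can_open(dev, "oneadmin", ["oneadmin", "kvm", "libvirt"], DEVICES_LIST)
    # After `setfacl -m u:oneadmin:rw /dev/kvm`: the named-user entry is used instead of the group class.
    dev_acl = parse_ls_line(LS_LINE.replace("crw-rw----", "crw-rw----+"))
    dev_acl.acl_users["oneadmin"] = "rw"
    with_acl = can_open(dev_acl, "oneadmin", ["oneadmin"], DEVICES_LIST)
    return {"as_launched": as_launched, "with_kvm_group": with_kvm_group, "with_acl": with_acl}


if __name__ == "__main__":
    for name, ok in diagnose().items():
        print(f"{name:15s} -> {'allowed' if ok else 'denied'}")
```

Running it shows `as_launched` denied while `with_kvm_group` and `with_acl` are allowed, which is the pattern in the post: the ACL workaround succeeds because it bypasses the missing group membership, not because of anything in the cgroup.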
