[one-users] cannot set ownership on /var/lib/one/1/images/disk.1: Permission denied

Javier Fontan jfontan at opennebula.org
Fri Jun 29 03:19:13 PDT 2012


This is normal. When a VM is created, a new AppArmor profile is created for
it so it can be confined. For the short time the VM was up (trying to boot),
that profile existed.

On Fri, Jun 22, 2012 at 8:49 AM, Jan Benadik <jan.benadik at atos.net> wrote:

>  When I set:
> root at tyan-host:/etc/apparmor.d/local# /etc/init.d/apparmor stop
> root at tyan-host:/etc/apparmor.d/local# /etc/init.d/apparmor teardown
> root at tyan-host:/etc/apparmor.d/local# apparmor_status
> apparmor module is loaded.
> 0 profiles are loaded.
> 0 profiles are in enforce mode.
> 0 profiles are in complain mode.
> 0 processes have profiles defined.
> 0 processes are in enforce mode :
> 0 processes are in complain mode.
> 0 processes are unconfined but have a profile defined.
>
> nothing changed.
>
> But - during the resubmit process - apparmor status was changed for a
> while (a few seconds - when VM is in state "BOOT", until it falls down to
> "FAILED") to:
> root at tyan-host:/etc/apparmor.d/local# apparmor_status
> apparmor module is loaded.
> 1 profiles are loaded.
> 1 profiles are in enforce mode.
>    libvirt-b0bc94b8-588c-ad63-6367-45d1fc9c16d5
> 0 profiles are in complain mode.
> 0 processes have profiles defined.
> 0 processes are in enforce mode :
> 0 processes are in complain mode.
> 0 processes are unconfined but have a profile defined.
>
> When in oned.log a message appears:
> Thu Jun 21 16:41:17 2012 [VMM][I]: Successfully execute network driver
> operation: pre.
>
> immediately after that in /var/log/syslog appears:
> Jun 22 10:46:09 tyan-host kernel: [60470.749192] type=1505
> audit(1340354769.603:49):  operation="profile_load" pid=14286
> name="libvirt-b0bc94b8-588c-ad63-6367-45d1fc9c16d5"
> Jun 22 10:46:09 tyan-host libvirtd: 10:46:09.624: error :
> qemuDomainSetFileOwnership:2222 : cannot set ownership on
> /var/lib/one/1/images/disk.0: Permission denied
>
> When in oned.log the messages appear:
> Thu Jun 21 16:41:48 2012 [VMM][I]: Command execution fail: cat << EOT |
> /var/tmp/one/vmm/kvm/deploy /var/lib/one/1/images/deployment.4 tyan 1 tyan
> Thu Jun 21 16:41:48 2012 [VMM][I]: error: Failed to create domain from
> /var/lib/one/1/images/deployment.4
> Thu Jun 21 16:41:48 2012 [VMM][I]: error: cannot set ownership on
> /var/lib/one/1/images/disk.1: Permission denied
> Thu Jun 21 16:41:48 2012 [VMM][E]: Could not create domain from
> /var/lib/one/1/images/deployment.4
> Thu Jun 21 16:41:48 2012 [VMM][I]: ExitCode: 255
> Thu Jun 21 16:41:48 2012 [VMM][I]: Failed to execute virtualization driver
> operation: deploy.
> Thu Jun 21 16:41:48 2012 [VMM][E]: Error deploying virtual machine: Could
> not create domain from /var/lib/one/1/images/deployment.4
> Thu Jun 21 16:41:49 2012 [DiM][I]: New VM state is FAILED
>
> at the same time in syslog appears:
> Jun 22 10:46:39 tyan-host libvirtd: 10:46:39.636: error :
> qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or
> directory
> Jun 22 10:46:39 tyan-host libvirtd: 10:46:39.636: error :
> qemuConnectMonitor:822 : Failed to connect monitor for one-1#012
> Jun 22 10:46:39 tyan-host kernel: [60500.950824] type=1505
> audit(1340354799.805:50):  operation="profile_remove" pid=14299
> name="libvirt-b0bc94b8-588c-ad63-6367-45d1fc9c16d5" namespace="root"
> Jun 22 10:46:39 tyan-host libvirtd: 10:46:39.818: error :
> qemuDomainSetFileOwnership:2222 : cannot set ownership on
> /var/lib/one/1/images/disk.1: Permission denied
> Jun 22 10:46:39 tyan-host libvirtd: 10:46:39.819: warning :
> qemudShutdownVMDaemon:2703 : Failed to restore all device ownership for
> one-1
>
> When I set:
> aa-complain libvirtd
>
> nothing changed, the same result and messages in logs. I think the issue
> is not in apparmor - something in permissions is wrong (oneadmin is a
> member of sudoers, of course). Everything mentioned here is on host (not on
> ONE server).
>
> Permissions of folders and files:
> oneadmin at tyan-host:~/images$ pwd
> /var/lib/one/images
> oneadmin at tyan-host:~/images$ ls -la
> total 19326692
> drwxrwx--T  2 oneadmin root         4096 Jun 21 16:01 .
> drwxr-xr-x 11 oneadmin root         4096 Jun 22 08:44 ..
> -rw-rw----  1 oneadmin root    927989760 Jun 20 10:57
> 46440b43448202b4ee69b4b541f5eeab
> -rw-rw----  1 oneadmin cloud  2996799488 Jun 21 16:01
> 5bc39d96de8b79c5154c12d534359460
> -rw-rw----  1 oneadmin root  10737418241 Jun 20 10:57
> 9c52b90a79dba7c26a912d05ff5190b8
> -rw-rw----  1 oneadmin cloud 15728640001 Jun 21 16:05
> a1a5f9b12659a78bdc54e9fe9c6ecb79
>
> oneadmin at tyan-host:~$ pwd
> /var/lib/one
> oneadmin at tyan-host:~$ ls -la
> total 168
> drwxr-xr-x 11 oneadmin root   4096 Jun 22 08:44 .
> drwxr-xr-x 38 root     root   4096 Jun 21 17:30 ..
> -rw-------  1 oneadmin cloud  3375 Jun 22 08:41 .bash_history
> drwx------  3 oneadmin cloud  4096 Jun 21 09:35 .cache
> drwx------  3 oneadmin cloud  4096 Jun 21 09:35 .config
> drwx------  3 oneadmin cloud  4096 Jun 21 09:35 .local
> drwx------  2 oneadmin cloud  4096 Jun 20 09:49 .one
> drwx------  2 oneadmin root   4096 Jun 20 17:43 .ssh
> -rw-------  1 oneadmin cloud  3977 Jun 21 09:49 .viminfo
> drwxrwxrwx  3 oneadmin cloud  4096 Jun 21 16:18 0
> drwxrwxrwx  3 oneadmin cloud  4096 Jun 22 08:44 1
> -rw-r--r--  1 oneadmin cloud  1738 Jun 21 08:50 config
> drwxrwx--T  2 oneadmin root   4096 Jun 21 16:01 images
> -rw-r--r--  1 oneadmin cloud 91136 Jun 22 08:44 one.db
> -rw-r--r--  1 oneadmin cloud 16384 Jun 20 16:28 oneacct.db
> drwxr-xr-x  8 root     root   4096 Jun 20 09:33 remotes
>
> oneadmin at tyan-host:~/1$ pwd
> /var/lib/one/1
> oneadmin at tyan-host:~/1$ ls -la
> total 164
> drwxrwxrwx  3 oneadmin cloud 4096 Jun 22 08:44 .
> drwxr-xr-x 11 oneadmin root  4096 Jun 22 08:44 ..
> -rw-r--r--  1 oneadmin cloud  723 Jun 22 08:44 deployment.12
> drwxrwxrwx  2 oneadmin cloud 4096 Jun 22 08:44 images
> -rw-r--r--  1 oneadmin cloud  201 Jun 22 08:42 transfer.12.prolog
>
> oneadmin at tyan-host:~/1/images$ pwd
> /var/lib/one/1/images
> oneadmin at tyan-host:~/1/images$ ls -la
> total 2926580
> drwxrwxrwx 2 oneadmin cloud       4096 Jun 22 08:44 .
> drwxrwxrwx 3 oneadmin cloud       4096 Jun 22 08:44 ..
> -rw-r--r-- 1 oneadmin cloud        724 Jun 22 08:44 deployment.12
> -rw-rw-rw- 1 oneadmin cloud 2996799488 Jun 22 08:43 disk.0
> lrwxrwxrwx 1 oneadmin cloud         52 Jun 22 08:43 disk.1 ->
> /var/lib/one/images/a1a5f9b12659a78bdc54e9fe9c6ecb79
>
>
> Perhaps this helps to analyze the issue.
>
> Jan
>
> On 21.06.2012 16:46, Jaime Melis wrote:
>
> Hello Jan,
>
>  have you tried disabling apparmor in this one?
>
>  cheers,
> Jaime
>
> On Thu, Jun 21, 2012 at 4:34 PM, Jan Benadik <jan.benadik at atos.net> wrote:
>
>>  Hi all,
>>
>> I tried to install another host (Ubuntu 10.04 Server) and error message
>> in oned.log is a little bit different (see $SUBJ), error message in
>> /var/log/syslog is different too
>> (one-1 is name of VM instance):
>>
>> Jun 21 18:46:18 tyan-host kernel: [ 2879.259739] type=1505
>> audit(1340297178.115:19):  operation="profile_load" pid=2267
>> name="libvirt-1eda663e-1510-f50b-daf1-97c089f7872c"
>> Jun 21 18:46:18 tyan-host libvirtd: 18:46:18.135: error :
>> qemuDomainSetFileOwnership:2222 : cannot set ownership on
>> /var/lib/one/1/images/disk.0: Permission denied
>> Jun 21 18:46:48 tyan-host libvirtd: 18:46:48.146: error :
>> qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or
>> directory
>> Jun 21 18:46:48 tyan-host libvirtd: 18:46:48.146: error :
>> qemuConnectMonitor:822 : Failed to connect monitor for one-1#012
>> Jun 21 18:46:48 tyan-host kernel: [ 2909.461423] type=1505
>> audit(1340297208.315:20):  operation="profile_remove" pid=2276
>> name="libvirt-1eda663e-1510-f50b-daf1-97c089f7872c" namespace="root"
>> Jun 21 18:46:48 tyan-host libvirtd: 18:46:48.329: error :
>> qemuDomainSetFileOwnership:2222 : cannot set ownership on
>> /var/lib/one/1/images/disk.1: Permission denied
>> Jun 21 18:46:48 tyan-host libvirtd: 18:46:48.329: warning :
>> qemudShutdownVMDaemon:2703 : Failed to restore all device ownership for
>> one-1
>>
>>
>> Any idea?
>>
>> --
>>
>> *Ján Beňadik*
>>  Managed Services - Solution Design Architect
>> +421 46 5151 332
>> +421 903 691 634
>> jan.benadik at atos.net
>> Vinohradnícka 6, 971 01 Prievidza
>> www.sk.atos.net
>> __________________________________
>>
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>
>
>  --
> Jaime Melis
> Project Engineer
> OpenNebula - The Open Source Toolkit for Cloud Computing
> www.OpenNebula.org | jmelis at opennebula.org
>
>
> --
>
> *Ján Beňadik*
>  Managed Services - Solution Design Architect
> +421 46 5151 332
> +421 903 691 634
> jan.benadik at atos.net
> Vinohradnícka 6, 971 01 Prievidza
> www.sk.atos.net
> __________________________________


-- 
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfontan at opennebula.org | @OpenNebula
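
The transient per-VM profile described in the reply can be read straight out of the syslog lines quoted in this thread. The following is an added example, not part of the original messages or of OpenNebula/libvirt: it pairs each `profile_load` with its `profile_remove` and separates the libvirtd errors logged while the profile was loaded from those logged outside that window. The function name `profile_windows` and the re-joined sample lines are assumptions made for the example.

```python
import re

# Syslog lines quoted in the thread, re-joined onto single lines (the mail
# client had wrapped them). Used here as embedded sample input.
SAMPLE = """\
Jun 22 10:46:09 tyan-host kernel: [60470.749192] type=1505 audit(1340354769.603:49):  operation="profile_load" pid=14286 name="libvirt-b0bc94b8-588c-ad63-6367-45d1fc9c16d5"
Jun 22 10:46:09 tyan-host libvirtd: 10:46:09.624: error : qemuDomainSetFileOwnership:2222 : cannot set ownership on /var/lib/one/1/images/disk.0: Permission denied
Jun 22 10:46:39 tyan-host libvirtd: 10:46:39.636: error : qemuMonitorOpenUnix:268 : monitor socket did not show up.: No such file or directory
Jun 22 10:46:39 tyan-host kernel: [60500.950824] type=1505 audit(1340354799.805:50):  operation="profile_remove" pid=14299 name="libvirt-b0bc94b8-588c-ad63-6367-45d1fc9c16d5" namespace="root"
Jun 22 10:46:39 tyan-host libvirtd: 10:46:39.818: error : qemuDomainSetFileOwnership:2222 : cannot set ownership on /var/lib/one/1/images/disk.1: Permission denied
"""

# AppArmor audit record: epoch timestamp, operation, per-VM profile name.
AUDIT = re.compile(r'audit\((\d+\.\d+):\d+\):\s+'
                   r'operation="(profile_load|profile_remove)".*?'
                   r'name="(libvirt-[0-9a-f-]+)"')
# libvirtd error record: keep only the message after "error : ".
LIBVIRT_ERR = re.compile(r'libvirtd: [\d:.]+: error : (.*)')

def profile_windows(text):
    """Return (windows, outside).

    windows: {profile: {"load", "remove", "lifetime", "errors"}}
    outside: libvirtd errors logged while no libvirt-* profile was loaded.
    """
    windows, outside, current = {}, [], None
    for line in text.splitlines():
        m = AUDIT.search(line)
        if m:
            ts, op, name = float(m.group(1)), m.group(2), m.group(3)
            w = windows.setdefault(
                name, {"load": None, "remove": None, "lifetime": None, "errors": []})
            if op == "profile_load":
                w["load"], current = ts, name
            else:
                w["remove"], current = ts, None
                if w["load"] is not None:
                    w["lifetime"] = round(ts - w["load"], 3)
            continue
        e = LIBVIRT_ERR.search(line)
        if e:
            (windows[current]["errors"] if current else outside).append(e.group(1))
    return windows, outside

if __name__ == "__main__":
    for name, w in profile_windows(SAMPLE)[0].items():
        print(name, "loaded for", w["lifetime"], "s;", len(w["errors"]), "errors")
```
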