[one-users] oneimage QCOW2 problem: Error copying image in the datastore: Not allowed to copy image file

Gerry O'Brien gerry at scss.tcd.ie
Wed Sep 11 04:06:36 PDT 2013 

Hi Carlos,

     I appreciate the security issues. I'm just wondering why 
/var/lib/one/datastores is not a safe directory by default given it is 
the default location for datastores?

     Regards,
         Gerry


On 11/09/2013 11:51, Carlos Martín Sánchez wrote:
> Hi,
>
> Tue Sep 10 14:32:48 2013 [ImM][E]: cp: Not allowed to copy images from
>> /var/lib/one/ /etc/one/ /var/lib/one/
>
> The dir /var/lib/one is a restricted dir, and OpenNebula won't allow you to
> copy images from there. Otherwise, you could copy the DB or other
> authentication files. That's why it works from /datastores.
>
> See [1] for more information.
>
> Best regards.
>
> [1]
> http://opennebula.org/documentation:rel4.2:fs_ds#configuring_the_filesystem_datastores
>
>
> --
> Join us at OpenNebulaConf2013 <http://opennebulaconf.com> in Berlin, 24-26
> September, 2013
> --
> Carlos Martín, MSc
> Project Engineer
> OpenNebula - The Open-source Solution for Data Center Virtualization
> www.OpenNebula.org | cmartin at opennebula.org |
> @OpenNebula<http://twitter.com/opennebula><cmartin at opennebula.org>
>
>
> On Tue, Sep 10, 2013 at 4:59 PM, Gerry O'Brien <gerry at scss.tcd.ie> wrote:
>
>> Hi,
>>
>>      This seems to be a general issue not specific to QCOW2. For the moment
>> I've solved the issue by mounting the datastores (which are NFS exports for
>> a filestore) on the root partition at /datastores and created a symlink
>> form /var/lib/one/datatstore to /datastores.
>>
>>       Is this correct?
>>
>>              Gerry
>>
>>
>> On 10/09/2013 14:38, Gerry O'Brien wrote:
>>
>>> Hi,
>>>
>>>      I get the following error when trying to create an image from a QCOW2
>>> file:    "Error copying image in the datastore: Not allowed to copy image
>>> file /var/lib/one/datastores/1/**DELETEME.qcow2"
>>>      Below are the commands I use to create the QCOW2 file before trying
>>> to create the image named DELETEME using oneimage. The QCOW2 file is has
>>> been created with a backing file.
>>>
>>>      This used to work in Opennebula 3. I have made sure the use oneadmin
>>> is also in the cloud group in case it is some kind of permissions file.
>>>
>>>      Any ideas?
>>>
>>>          Regards,
>>>              Gerry
>>>
>>>
>>>
>>> qemu-img create -f qcow2 -o backing_file=/var/lib/one/**datastores/1/**
>>> e1e1735dada84a7c6290001b9a244e**be /var/lib/one/datastores/1/**DELETEME.qcow2
>>>
>>> qemu-img info /var/lib/one/datastores/1/**DELETEME.qcow2
>>> image: /var/lib/one/datastores/1/**DELETEME.qcow2
>>> file format: qcow2
>>> virtual size: 50G (53687091200 bytes)
>>> disk size: 12K
>>> cluster_size: 65536
>>> backing file: /var/lib/one/datastores/1/**e1e1735dada84a7c6290001b9a244e*
>>> *be
>>>
>>>
>>>
>>> ls -la /var/lib/one/datastores/1/**DELETEME.qcow2
>>> -rw-r--r-- 1 oneadmin oneadmin 197632 Sep 10 13:27
>>> /var/lib/one/datastores/1/**DELETEME.qcow2
>>>
>>>   oneimage create -d default --name DELETEME  --path
>>> /var/lib/one/datastores/1/**DELETEME.qcow2 --prefix hd --type OS
>>> --driver qcow2 --persistent
>>>
>>>
>>>
>>>
>>>
>>>
>>> Below is a similar error message when using the sunstone GUI
>>>
>>>
>>> Tue Sep 10 14:32:48 2013 [ImM][I]: Copying /var/lib/one/datastores/1/**VlabC_1.qcow2
>>> to repository for image 37
>>> Tue Sep 10 14:32:48 2013 [ReM][D]: Req:7232 UID:0 ImageAllocate result
>>> SUCCESS, 37
>>> Tue Sep 10 14:32:48 2013 [ReM][D]: Req:4064 UID:0 ImageInfo invoked, 37
>>> Tue Sep 10 14:32:48 2013 [ReM][D]: Req:4064 UID:0 ImageInfo result
>>> SUCCESS, "<IMAGE><ID>37</ID><U..."
>>> Tue Sep 10 14:32:48 2013 [ImM][I]: Command execution fail:
>>> /var/lib/one/remotes/**datastore/fs/cp PERTX0RSSVZFUl9BQ1RJT05fREFUQT**
>>> 48SU1BR0U+**PElEPjM3PC9JRD48VUlEPjA8L1VJRD**48R0lEPjA8L0dJRD48VU5BTUU+**
>>> b25lYWRtaW48L1VOQU1FPjxHTkFNRT**5vbmVhZG1pbjwvR05BTUU+PE5BTUU+**
>>> UUNPVzItRXhhbXBsZTwvTkFNRT48UE**VSTUlTU0lPTlM+PE9XTkVSX1U+**
>>> MTwvT1dORVJfVT48T1dORVJfTT4xPC**9PV05FUl9NPjxPV05FUl9BPjA8L09X**
>>> TkVSX0E+PEdST1VQX1U+**MDwvR1JPVVBfVT48R1JPVVBfTT4wPC**
>>> 9HUk9VUF9NPjxHUk9VUF9BPjA8L0dS**T1VQX0E+PE9USEVSX1U+**
>>> MDwvT1RIRVJfVT48T1RIRVJfTT4wPC**9PVEhFUl9NPjxPVEhFUl9BPjA8L09U**SEVSX0E+*
>>> *PC9QRVJNSVNTSU9OUz48VFlQRT4yPC**9UWVBFPjxESVNLX1RZUEU+**
>>> MDwvRElTS19UWVBFPjxQRVJTSVNURU**5UPjE8L1BFUlNJU1RFTlQ+**PFJFR1RJTUU+**
>>> MTM3ODgxOTk2ODwvUkVHVElNRT48U0**9VUkNFPjwvU09VUkNFPjxQQVRIPi92**
>>> YXIvbGliL29uZS9kYXRhc3RvcmVzLz**EvVmxhYkNfMS5xY293MjwvUEFUSD48**
>>> RlNUWVBFPjwvRlNUWVBFPjxTSVpFPj**E8L1NJWkU+**
>>> PFNUQVRFPjQ8L1NUQVRFPjxSVU5OSU**5HX1ZNUz4wPC9SVU5OSU5HX1ZNUz48**
>>> Q0xPTklOR19PUFM+**MDwvQ0xPTklOR19PUFM+**PENMT05JTkdfSUQ+**
>>> LTE8L0NMT05JTkdfSUQ+**PERBVEFTVE9SRV9JRD4xPC9EQVRBU1**RPUkVfSUQ+**
>>> PERBVEFTVE9SRT5kZWZhdWx0PC9EQV**RBU1RPUkU+**
>>> PFZNUz48L1ZNUz48Q0xPTkVTPjwvQ0**xPTkVTPjxURU1QTEFURT48REVWX1BS
>>>
>> RU
>>
>>> ZJWD48IVtDREFUQVtoZF1dPjwvREVW**X1BSRUZJWD48RFJJVkVSPjwhW0NEQV**
>>> RBW3Fjb3cyXV0+PC9EUklWRVI+**PC9URU1QTEFURT48L0lNQUdFPjxEQV**
>>> RBU1RPUkU+PElEPjE8L0lEPjxVSUQ+**MDwvVUlEPjxHSUQ+**
>>> MDwvR0lEPjxVTkFNRT5vbmVhZG1pbj**wvVU5BTUU+**
>>> PEdOQU1FPm9uZWFkbWluPC9HTkFNRT**48TkFNRT5kZWZhdWx0PC9OQU1FPjxQ**
>>> RVJNSVNTSU9OUz48T1dORVJfVT4xPC**9PV05FUl9VPjxPV05FUl9NPjE8L09X**
>>> TkVSX00+PE9XTkVSX0E+**MDwvT1dORVJfQT48R1JPVVBfVT4xPC**
>>> 9HUk9VUF9VPjxHUk9VUF9NPjA8L0dS**T1VQX00+PEdST1VQX0E+**
>>> MDwvR1JPVVBfQT48T1RIRVJfVT4xPC**9PVEhFUl9VPjxPVEhFUl9NPjA8L09U**
>>> SEVSX00+PE9USEVSX0E+**MDwvT1RIRVJfQT48L1BFUk1JU1NJT0**5TPjxEU19NQUQ+**
>>> ZnM8L0RTX01BRD48VE1fTUFEPnNoYX**JlZDwvVE1fTUFEPjxCQVNFX1BBVEg+**
>>> L3Zhci9saWIvb25lL2RhdGFzdG9yZX**MvMTwvQkFTRV9QQVRIPjxUWVBFPjA8**L1RZUEU+*
>>> *PERJU0tfVFlQRT4wPC9ESVNLX1RZUE**U+PENMVVNURVJfSUQ+**LTE8L0NMVVNURVJfSUQ+
>>> **PENMVVNURVI+**PC9DTFVTVEVSPjxUT1RBTF9NQj4yMj**QwNzIzNjwvVE9UQUxfTUI+**
>>> PEZSRUVfTUI+**MjIzNjQ1MzI8L0ZSRUVfTUI+**PFVTRURfTUI+**
>>> NDI3MDc8L1VTRURfTUI+**PElNQUdFUz48SUQ+MDwvSUQ+**
>>> PElEPjE8L0lEPjxJRD4yPC9JRD48SU**Q+MzwvSUQ+**PElEPjQ8L0lEPjxJRD4xNjwvSUQ+*
>>> *PElEPjIwPC9JRD48L0lNQU
>>>
>> d
>>
>>> FUz48VEVNUExBVEU+**PERTX01BRD48IVtDREFUQVtmc11dPj**wvRFNfTUFEPjxUTV9NQUQ+
>>> **PCFbQ0RBVEFbc2hhcmVkXV0+**PC9UTV9NQUQ+PFRZUEU+**
>>> PCFbQ0RBVEFbSU1BR0VfRFNdXT48L1**RZUEU+**PC9URU1QTEFURT48L0RBVEFTVE9SRT**
>>> 48L0RTX0RSSVZFUl9BQ1RJT05fREFU**QT4= 37
>>> Tue Sep 10 14:32:48 2013 [ImM][E]: cp: Not allowed to copy images from
>>> /var/lib/one/ /etc/one/ /var/lib/one/
>>> Tue Sep 10 14:32:48 2013 [ImM][E]: Not allowed to copy image file
>>> /var/lib/one/datastores/1/**VlabC_1.qcow2
>>> Tue Sep 10 14:32:48 2013 [ImM][I]: ExitCode: 255
>>> Tue Sep 10 14:32:48 2013 [ImM][E]: Error copying image in the datastore:
>>> Not allowed to copy image file /var/lib/one/datastores/1/**VlabC_1.qcow2
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>> --
>> Gerry O'Brien
>>
>> Systems Manager
>> School of Computer Science and Statistics
>> Trinity College Dublin
>> Dublin 2
>> IRELAND
>>
>> 00 353 1 896 1341
>>
>>
>> ______________________________**_________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/**listinfo.cgi/users-opennebula.**org<http://lists.opennebula.org/listinfo.cgi/users-opennebula.org>
>>


-- 
Gerry O'Brien

Systems Manager
School of Computer Science and Statistics
Trinity College Dublin
Dublin 2
IRELAND

00 353 1 896 1341

More information about the Users mailing list