[one-users] libvirt permissions issue:

Steven Timm timm at fnal.gov
Wed Apr 2 11:27:33 PDT 2014


This is about a test OpenNebula 4.4 installation but we have the same 
problem in OpenNebula 3.2 and have been kludging around it.

Head node and hypervisors, Scientific Linux 6,
libvirt qemu.conf has dynamic_ownership=0 as recommended in the guide.

Non-default libvirt settings in libvirt.conf:

unix_sock_group = "libvirtd"
unix_sock_ro_perms = "0777"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
log_level = 2
log_outputs = "2:syslog:libvirtd"
host_uuid = "1f31bfac-97e1-5ecb-83ab-0e2c2819db1c"

[root@fgtest11 ~]# rpm -q libvirt
libvirt-0.10.2-29.el6_5.3.x86_64
[root@fgtest11 ~]# rpm -q qemu-kvm
qemu-kvm-0.12.1.2-2.415.el6.x86_64
---------------------------

Our datastore is using ssh-based transport
so that we have a system datastore on each VM host.
What we see as the system brings the file over is that disk.0 is owned
by oneadmin with permissions 644.

Given that our libvirt runs things as qemu, qemu does not have enough 
permissions to actually read/write disk.0.

(qemu user is in the oneadmin group, but the file is not group readable).

We have been kludging this by just adding a chmod 660 to the tm_clone.sh
script but there must be a better way.

Steve Timm

------------------------------------------------------------------
Steven C. Timm, Ph.D  (630) 840-8525
timm at fnal.gov  http://home.fnal.gov/~timm/
Fermilab Scientific Computing Division, Scientific Computing Services Quad.
Grid and Cloud Services Dept., Associate Dept. Head for Cloud Computing
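
Added example, not part of the original post: a small evaluator for the POSIX owner/group/other rule, applied to the two modes mentioned above (644 as copied, 660 after the chmod in tm_clone.sh) for a file owned by oneadmin. The numeric uid/gid values and the "other" account are constructed assumptions; ACLs, SELinux and root privileges are not modelled.

```python
import stat

def effective_access(mode, file_uid, file_gid, uid, gids):
    """Return the set of 'r'/'w' a non-root process gets from the mode bits.

    Exactly one permission class applies: owner if the uid matches,
    otherwise group if any of the process's groups matches, otherwise other.
    """
    if uid == file_uid:
        r_bit, w_bit = stat.S_IRUSR, stat.S_IWUSR
    elif file_gid in gids:
        r_bit, w_bit = stat.S_IRGRP, stat.S_IWGRP
    else:
        r_bit, w_bit = stat.S_IROTH, stat.S_IWOTH
    return {c for c, bit in (("r", r_bit), ("w", w_bit)) if mode & bit}

# Constructed ids (assumptions): disk.0 is owned by oneadmin:oneadmin,
# qemu has its own primary group plus membership in the oneadmin group.
ONEADMIN_UID, ONEADMIN_GID = 9869, 9869
QEMU_UID, QEMU_GIDS = 107, {107, ONEADMIN_GID}
OTHER_UID, OTHER_GIDS = 1000, {1000}   # hypothetical unrelated local account

def compare(modes=(0o644, 0o660)):
    """Access for qemu and for an unrelated account under each mode."""
    table = {}
    for mode in modes:
        table[mode] = {
            "qemu": effective_access(mode, ONEADMIN_UID, ONEADMIN_GID,
                                     QEMU_UID, QEMU_GIDS),
            "other": effective_access(mode, ONEADMIN_UID, ONEADMIN_GID,
                                      OTHER_UID, OTHER_GIDS),
        }
    return table

if __name__ == "__main__":
    for mode, who in compare().items():
        for name, acc in who.items():
            print(f"{mode:04o} {name:5} {''.join(sorted(acc)) or '-'}")
```

Under 660 the group member gains write access and the unrelated account loses the read access it had under 644, so the image is no longer world-readable on the hypervisor.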

