Michal, thanks.
I have another question, which is related to kata-container.
When there is only one virtiofs device, how is it that in the guest there are 4
virtiofs mounts that have the same src and different targets?
# in guest
[root@kvm kata-containers]# docker exec efda32ca6a93 mount | grep kataShared
kataShared on / type virtiofs (rw,relatime)
kataShared on /etc/resolv.conf type virtiofs (rw,relatime)
kataShared on /etc/hostname type virtiofs (rw,relatime)
kataShared on /etc/hosts type virtiofs (rw,relatime)
# qemu-kvm
-chardev socket,id=char-c91f3c6a619cec75,path=/run/vc/vm/efda32ca6a93491ac173dc2ad8a38ac095abab3bd8147a1101851f2a0a8d9012/vhost-fs.sock
-device vhost-user-fs-pci,chardev=char-c91f3c6a619cec75,tag=kataShared,romfile=
At 2021-01-27 21:31:49, "Michal Privoznik" <mprivozn(a)redhat.com> wrote:
On 1/26/21 2:13 PM, longguang.yue wrote:
> Hi, all:
>
> there is no error when launch qemu-kvm from cli directly, but vm fails to start via libvirtd.
> i have tried to chmod 0666 /dev/vhost-vsock.
>
>
> error: internal error: qemu unexpectedly closed the monitor: 2021-01-26T13:06:06.403097Z qemu-kvm: -device vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=4: vhost-vsock: failed to open vhost device: Unknown error -13
Errno 13 is EACCES (Permission denied) which means that libvirt didn't
set seclabel on something ...
>
>
>
> <qemu:commandline>
> <qemu:arg value='-device'/>
> <qemu:arg value='vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=4'/>
> </qemu:commandline>
.. and this explains why. Anything that's added via qemu commandline
passthru is opaque to libvirt. Libvirt does not examine it, nor does it set
any labels, nothing. If you use it, you're on your own. However, vsock
was added to libvirt (almost 3 years ago) and instead of passing through
a command line you can define vsock device:
https://libvirt.org/formatdomain.html#vsock
For instance like this:
  <vsock model='virtio'>
    <cid auto='no' address='3'/>
  </vsock>
Michal
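
The change Michal describes, as an added example (not part of the original thread and not libvirt's own code): a Python sketch that finds a `vhost-vsock-pci` device passed through `<qemu:commandline>` in a domain XML and replaces it with the native `<vsock>` element, keeping the guest CID. The sample XML and the function name `migrate_vsock` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

QEMU_NS = "http://libvirt.org/schemas/domain/qemu/1.0"
ET.register_namespace("qemu", QEMU_NS)

# Constructed sample: a minimal domain using the passthrough from the thread.
SAMPLE = """<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>demo</name>
  <devices/>
  <qemu:commandline>
    <qemu:arg value='-device'/>
    <qemu:arg value='vhost-vsock-pci,id=vhost-vsock-pci0,guest-cid=4'/>
  </qemu:commandline>
</domain>"""


def migrate_vsock(domain_xml):
    """Return (xml, cid). cid is None and xml unchanged if nothing was migrated."""
    root = ET.fromstring(domain_xml)
    cmdline = root.find(f"{{{QEMU_NS}}}commandline")
    if cmdline is None:
        return domain_xml, None
    args = cmdline.findall(f"{{{QEMU_NS}}}arg")
    # Walk "-device <spec>" pairs; anything else in the passthrough is left alone.
    for opt, spec in zip(args, args[1:]):
        if opt.get("value") != "-device":
            continue
        driver, _, rest = spec.get("value", "").partition(",")
        if driver != "vhost-vsock-pci":
            continue
        props = dict(p.split("=", 1) for p in rest.split(",") if "=" in p)
        cid = props.get("guest-cid")
        if cid is None or not cid.isdigit():
            continue  # no usable CID: leave it for a human to review
        devices = root.find("devices")
        if devices is None:
            devices = ET.SubElement(root, "devices")
        # Native device element from https://libvirt.org/formatdomain.html#vsock
        vsock = ET.SubElement(devices, "vsock", model="virtio")
        ET.SubElement(vsock, "cid", auto="no", address=cid)
        cmdline.remove(opt)
        cmdline.remove(spec)
        if len(cmdline) == 0:
            root.remove(cmdline)  # drop the now-empty passthrough block
        return ET.tostring(root, encoding="unicode"), int(cid)
    return domain_xml, None


if __name__ == "__main__":
    print(migrate_vsock(SAMPLE)[0])
```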