On Mon, Feb 04, 2019 at 08:44:21PM -0200, Daniel Henrique Barboza wrote:
Hi Erik,
Just to let you know that the error I reported in one of my replies was being caused by one change I forgot to undo. This error here:
error : virQEMUCapsNewForBinaryInternal:4687 : internal error: Failed to probe QEMU binary with QMP: libvirt: error : prctl failed to enable 'dac_override' in the AMBIENT set: Operation not permitted
was happening because I have commented out this line inside qemu_capabilities.c:
--- a/src/qemu/qemu_capabilities.c +++ b/src/qemu/qemu_capabilities.c @@ -4519,7 +4519,7 @@ virQEMUCapsInitQMPCommandRun(virQEMUCapsInitQMPCommandPtr cmd, "-daemonize", NULL); virCommandAddEnvPassCommon(cmd->cmd); - virCommandClearCaps(cmd->cmd); + // virCommandClearCaps(cmd->cmd);
#if WITH_CAPNG /* QEMU might run into permission issues, e.g. /dev/sev (0600), override
Thus there is no need to move the PR_CAP_AMBIENT around to prevent the error message. Sorry for any alarms I might have raised there.
I'm still experiencing the issue with IPC_LOCK inside the guest though. I'll update here when I have concrete findings about it.
Any use of capabilities "inside the guest" is not libvirt's responsibility. It only cares about capabilities on the *host* OS used by QEMU. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|