[libvirt] snapshot-create-as Permission denied
May 25 20:50:59 ovirtdev NetworkManager[2370]: <warn> /sys/devices/virtual/net/vnet0: couldn't determine device driver; ignoring... root@ovirtdev images]# virsh snapshot-create-as linux snapshot1 "snapshot1" --disk-only --atomic error: internal error unable to execute QEMU command 'transaction': /var/lib/libvirt/images/test.snapshot1: error while creating qcow2: Permission denied
On 05/25/2013 06:40 PM, yue wrote:
May 25 20:50:59 ovirtdev NetworkManager[2370]: <warn> /sys/devices/virtual/net/vnet0: couldn't determine device driver; ignoring... root@ovirtdev <mailto:root@ovirtdev> images]# virsh snapshot-create-as linux snapshot1 "snapshot1" --disk-only --atomic error: internal error unable to execute QEMU command 'transaction': /var/lib/libvirt/images/test.snapshot1: error while creating qcow2: Permission denied
A few questions: 1/ What distribution ? 2/ Versions of libvirt, qemu (some versions? Please note that, libvirt uses QEMU's 'transaction' command under the hood when the guest is 'live'. So, if you're using an older version of QEMU, it might not have "transaction" command in it. 3/ Are you using "virsh" independently or are you mangling libvirt commands with oVirt environment ? (from your initial post, it appears it's an oVirt node). -- /kashyap
hi. my environment: centos 6.3, qemu 1.5(source code build), libvirt libvirt-0.10.2-18.el6_4.2.x86_64.selinux enforce . i have 2 questions 1.snapshot. permisson deny. dumpxml: <seclabel type='dynamic' model='selinux' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c33,c172</label> <imagelabel>system_u:object_r:svirt_image_t:s0:c33,c172</imagelabel> </seclabel> command line: [root@ovirtdev images]# ls -lZ -rw-r--r--. qemu qemu system_u:object_r:virt_image_t:s0 test.qcow2 image does not have the same MLS? it does not seem like a selinux problem, because selinix does not record this deny. 2.vnet problem May 27 09:48:49 ovirtdev NetworkManager[2365]: <warn> /sys/devices/virtual/net/vnet0: couldn't determine device driver; ignoring... [root@ovirtdev images]# brctl show bridge name bridge id STP enabled interfaces ovirtmgmt 8000.000c290a2351 no eth0 vnet0 what is the reason? does it matter with libvirt? thanks At 2013-05-25 23:41:18,"Kashyap Chamarthy" <kchamart@redhat.com> wrote:
On 05/25/2013 06:40 PM, yue wrote:
May 25 20:50:59 ovirtdev NetworkManager[2370]: <warn> /sys/devices/virtual/net/vnet0: couldn't determine device driver; ignoring... root@ovirtdev <mailto:root@ovirtdev> images]# virsh snapshot-create-as linux snapshot1 "snapshot1" --disk-only --atomic error: internal error unable to execute QEMU command 'transaction': /var/lib/libvirt/images/test.snapshot1: error while creating qcow2: Permission denied
A few questions:
1/ What distribution ?
2/ Versions of libvirt, qemu (some versions?
Please note that, libvirt uses QEMU's 'transaction' command under the hood when the guest is 'live'. So, if you're using an older version of QEMU, it might not have "transaction" command in it.
3/ Are you using "virsh" independently or are you mangling libvirt commands with oVirt environment ? (from your initial post, it appears it's an oVirt node).
-- /kashyap
On 05/27/2013 08:26 AM, yue wrote:
hi. my environment: centos 6.3, qemu 1.5(source code build),
I don't know how you've built or what else have you included/excluded in it.
libvirt libvirt-0.10.2-18.el6_4.2.x86_64.selinux enforce . i have 2 questions 1.snapshot. permisson deny. dumpxml: <seclabel type='dynamic' model='selinux' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c33,c172</label> <imagelabel>system_u:object_r:svirt_image_t:s0:c33,c172</imagelabel> </seclabel> command line: [root@ovirtdev images]# ls -lZ -rw-r--r--. qemu qemu system_u:object_r:virt_image_t:s0 test.qcow2 image does not have the same MLS? it does not seem like a selinux problem, because selinix does not record this deny.
Also can you check what's the context of your SELinux process ? $ ps -eZ | grep qemu-kvm Working here just fine (but this is Fedora 19): --------- $ ls -lZ /home/test/vmimages/regular-guest.qcow2 -rw-r--r--. qemu qemu system_u:object_r:svirt_image_t:s0:c390,c525 /home/test/vmimages/regular-guest.qcow2 $ ps -eZ | grep -i qemu system_u:system_r:svirt_t:s0:c390,c525 1969 ? 04:21:20 qemu-system-x86 $ virsh dumpxml regular-guest | grep seclabel -A4 <seclabel type='dynamic' model='selinux' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c390,c525</label> <imagelabel>system_u:object_r:svirt_image_t:s0:c390,c525</imagelabel> </seclabel> ---------
2.vnet problem May 27 09:48:49 ovirtdev NetworkManager[2365]: <warn> /sys/devices/virtual/net/vnet0: couldn't determine device driver; ignoring...
[root@ovirtdev images]# brctl show bridge name bridge id STP enabled interfaces ovirtmgmt 8000.000c290a2351 no eth0 vnet0 what is the reason? does it matter with libvirt?
thanks
At 2013-05-25 23:41:18,"Kashyap Chamarthy" <kchamart@redhat.com> wrote:
On 05/25/2013 06:40 PM, yue wrote:
May 25 20:50:59 ovirtdev NetworkManager[2370]: <warn> /sys/devices/virtual/net/vnet0: couldn't determine device driver; ignoring... root@ovirtdev <mailto:root@ovirtdev> images]# virsh snapshot-create-as linux snapshot1 "snapshot1" --disk-only --atomic error: internal error unable to execute QEMU command 'transaction': /var/lib/libvirt/images/test.snapshot1: error while creating qcow2: Permission denied
A few questions:
1/ What distribution ?
2/ Versions of libvirt, qemu (some versions?
Please note that, libvirt uses QEMU's 'transaction' command under the hood when the guest is 'live'. So, if you're using an older version of QEMU, it might not have "transaction" command in it.
3/ Are you using "virsh" independently or are you mangling libvirt commands with oVirt environment ? (from your initial post, it appears it's an oVirt node).
-- /kashyap
-- /kashyap
On 05/26/2013 08:56 PM, yue wrote: [please don't top-post on technical lists]
hi. my environment: centos 6.3, qemu 1.5(source code build), libvirt libvirt-0.10.2-18.el6_4.2.x86_64.selinux enforce .
It's best to use the entire stack from your distro, or to self-build the entire stack. Mixing newer qemu with older libvirt might have unexpected consequences, and since you are using CentOS, you have no one to blame but yourself. We are unable to help you here unless you can reproduce the problem with the latest libvirt.
i have 2 questions 1.snapshot. permisson deny. dumpxml: <seclabel type='dynamic' model='selinux' relabel='yes'> <label>system_u:system_r:svirt_t:s0:c33,c172</label> <imagelabel>system_u:object_r:svirt_image_t:s0:c33,c172</imagelabel> </seclabel> command line: [root@ovirtdev images]# ls -lZ -rw-r--r--. qemu qemu system_u:object_r:virt_image_t:s0 test.qcow2 image does not have the same MLS? it does not seem like a selinux problem, because selinix does not record this deny.
There have been bug fixes in upstream libvirt related to permissions on snapshot creation, although it's hard to say whether all of those have been backported into the downstream version of libvirt that you are using. -- Eric Blake eblake redhat com +1-919-301-3266 Libvirt virtualization library http://libvirt.org
participants (3)
-
Eric Blake -
Kashyap Chamarthy -
yue