3:33 a.m.
I use Ovirt under Fedora 11 with the latest developpement package and the VM
creation failed with :
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
See the logs :
On the Ovirt Node
==> /var/log/messages <==
Jul 29 20:43:37 node62 kernel: device vnet0 entered promiscuous mode
Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering learning state
Jul 29 20:43:37 node62 libvirtd: 20:43:37.873: info :
qemudDispatchSignalEvent:370 : Received unexpected signal 17
Jul 29 20:43:37 node62 libvirtd: 20:43:37.877: info :
qemudDispatchSignalEvent:370 : Received unexpected signal 17
Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering disabled state
Jul 29 20:43:37 node62 kernel: device vnet0 left promiscuous mode
Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering disabled state
Jul 29 20:43:37 node62 libvirtd: 20:43:37.977: error : qemudReadLogOutput:816
: internal error Process exited while reading console log output
Jul 29 20:43:37 node62 libvirtd: 20:43:37.977: error :
qemudWaitForMonitor:1103 : internal error unable to start guest:
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied#012qemu:
could not open monitor device
'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'#012
Jul 29 20:43:38 node62 libvirtd: 20:43:38.073: error :
qemudDomainLookupByUUID:2644 : Domain not found: no domain with matching uuid
'492f836f-5123-e185-39c2-09c5dd43a7f6'
Jul 29 20:43:38 node62 libvirt-qpid: Error: virDomainLookupByUUIDString
Subsystem qemu: Domain not found: no domain with matching uuid '492f836f-5123-
e185-39c2-09c5dd43a7f6' in
NodeWrap.cpp:syncDomains:241 code: 42
==> /var/log/libvirt/qemu/VM-4.log <==
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root
/usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid 492f836f-5123-
e185-39c2-09c5dd43a7f6 -monitor
unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net
nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net
tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 0.0.0.0:0 -
vga cirrus
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
qemu: could not open monitor device
'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <==
libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-qpid-0.2.17-0.fc11.x86_64
Regards
--
Pierre-Gilles Mialon
Linagora :: http://www.linagora.com
Responsable hébergement :: Head of Hosting services
pmialon(a)linagora.com :: +33.1 58 18 65 46
3:44 a.m.
New subject: [libvirt] VM creation failed : Permission denied : bind(unix:/var/run/libvirt/qemu//VM.monitor)
On Thu, Jul 30, 2009 at 5:33 PM, Pierre-Gilles
Mialon<pmialon(a)linagora.com> wrote:
I use Ovirt under Fedora 11 with the latest developpement
package and the VM
creation failed with :
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
Ugh, this is a regression introduced by my patch...
(see [PATCH] qemu: fix monitor socket reconnection)
Eventually we need to add ENOENT to errno checks, not replace EACCES
with ENOENT, I'm not sure why EACCES happens though. Anyone knows that?
ozaki-r
See the logs :
On the Ovirt Node
==> /var/log/messages <==
Jul 29 20:43:37 node62 kernel: device vnet0 entered promiscuous mode
Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering learning state
Jul 29 20:43:37 node62 libvirtd: 20:43:37.873: info :
qemudDispatchSignalEvent:370 : Received unexpected signal 17
Jul 29 20:43:37 node62 libvirtd: 20:43:37.877: info :
qemudDispatchSignalEvent:370 : Received unexpected signal 17
Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering disabled state
Jul 29 20:43:37 node62 kernel: device vnet0 left promiscuous mode
Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering disabled state
Jul 29 20:43:37 node62 libvirtd: 20:43:37.977: error : qemudReadLogOutput:816
: internal error Process exited while reading console log output
Jul 29 20:43:37 node62 libvirtd: 20:43:37.977: error :
qemudWaitForMonitor:1103 : internal error unable to start guest:
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied#012qemu:
could not open monitor device
'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'#012
Jul 29 20:43:38 node62 libvirtd: 20:43:38.073: error :
qemudDomainLookupByUUID:2644 : Domain not found: no domain with matching uuid
'492f836f-5123-e185-39c2-09c5dd43a7f6'
Jul 29 20:43:38 node62 libvirt-qpid: Error: virDomainLookupByUUIDString
Subsystem qemu: Domain not found: no domain with matching uuid '492f836f-5123-
e185-39c2-09c5dd43a7f6' in
NodeWrap.cpp:syncDomains:241 code: 42
==> /var/log/libvirt/qemu/VM-4.log <==
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root
/usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid 492f836f-5123-
e185-39c2-09c5dd43a7f6 -monitor
unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net
nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net
tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 0.0.0.0:0 -
vga cirrus
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
qemu: could not open monitor device
'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <==
libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-qpid-0.2.17-0.fc11.x86_64
Regards
--
Pierre-Gilles Mialon
Linagora :: http://www.linagora.com
Responsable hébergement :: Head of Hosting services
pmialon(a)linagora.com :: +33.1 58 18 65 46
--
Libvir-list mailing list
Libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
3:57 a.m.
On Thu, Jul 30, 2009 at 05:44:41PM +0900, Ryota Ozaki wrote:
On Thu, Jul 30, 2009 at 5:33 PM, Pierre-Gilles
Mialon<pmialon(a)linagora.com> wrote:
> I use Ovirt under Fedora 11 with the latest developpement package and the VM
> creation failed with :
> bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
Ugh, this is a regression introduced by my patch...
(see [PATCH] qemu: fix monitor socket reconnection)
Eventually we need to add ENOENT to errno checks, not replace EACCES
with ENOENT, I'm not sure why EACCES happens though. Anyone knows that?
[...]
> libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-qpid-0.2.17-0.fc11.x86_64
Unclear, he's using the prerelease code from monday, not the one
with the EACCES -> ENOENT replacement patch.
One possibility for EACCES could be if the socket creation in qemu was
done with a mode not allowing access and modified in subsequent code,
allowing for a small windows where EACCES would be returned. Someone
should check qemu code.
I think allowing again retry on EACCES should be fine anyway, I don't
see how that could break things, we would just hit a time out in the
worst case where access is never granted.
So my take is to just do the enclosed patch,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
4:49 a.m.
New subject: [libvirt] VM creation failed : Permission denied : bind(unix:/var/run/libvirt/qemu//VM.monitor)
On Thu, Jul 30, 2009 at 5:57 PM, Daniel Veillard<veillard(a)redhat.com> wrote:
On Thu, Jul 30, 2009 at 05:44:41PM +0900, Ryota Ozaki wrote:
> On Thu, Jul 30, 2009 at 5:33 PM, Pierre-Gilles
> Mialon<pmialon(a)linagora.com> wrote:
> > I use Ovirt under Fedora 11 with the latest developpement package and the
VM
> > creation failed with :
> > bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
>
> Ugh, this is a regression introduced by my patch...
> (see [PATCH] qemu: fix monitor socket reconnection)
>
> Eventually we need to add ENOENT to errno checks, not replace EACCES
> with ENOENT, I'm not sure why EACCES happens though. Anyone knows that?
[...]
> > libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-qpid-0.2.17-0.fc11.x86_64
Unclear, he's using the prerelease code from monday, not the one
with the EACCES -> ENOENT replacement patch.
Sorry, I missed it...
One possibility for EACCES could be if the socket creation in qemu
was
done with a mode not allowing access and modified in subsequent code,
allowing for a small windows where EACCES would be returned. Someone
should check qemu code.
I think allowing again retry on EACCES should be fine anyway, I don't
see how that could break things, we would just hit a time out in the
worst case where access is never granted.
I'm too eager to conclusion and I thought it an error in libvirtd, but yes,
it's an error in qemu.
With short viewing, qemu looks doing nothing for granting access permissions
in its code so the time out likely to happen.
Thus, I'm suspecting that qemu does not have access permission to
/var/run/libvirt/qemu/
(or selinux).
ozaki-r
So my take is to just do the enclosed patch,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
5:24 a.m.
On Thu, Jul 30, 2009 at 10:57:53AM +0200, Daniel Veillard wrote:
On Thu, Jul 30, 2009 at 05:44:41PM +0900, Ryota Ozaki wrote:
> On Thu, Jul 30, 2009 at 5:33 PM, Pierre-Gilles
> Mialon<pmialon(a)linagora.com> wrote:
> > I use Ovirt under Fedora 11 with the latest developpement package and
the VM
> > creation failed with :
> > bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
>
> Ugh, this is a regression introduced by my patch...
> (see [PATCH] qemu: fix monitor socket reconnection)
>
> Eventually we need to add ENOENT to errno checks, not replace EACCES
> with ENOENT, I'm not sure why EACCES happens though. Anyone knows that?
[...]
> > libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-qpid-0.2.17-0.fc11.x86_64
Unclear, he's using the prerelease code from monday, not the one
with the EACCES -> ENOENT replacement patch.
One possibility for EACCES could be if the socket creation in qemu was
done with a mode not allowing access and modified in subsequent code,
allowing for a small windows where EACCES would be returned. Someone
should check qemu code.
I think allowing again retry on EACCES should be fine anyway, I don't
see how that could break things, we would just hit a time out in the
worst case where access is never granted.
diff --git a/src/qemu_driver.c b/src/qemu_driver.c
index 9fb8506..1877cc0 100644
--- a/src/qemu_driver.c
+++ b/src/qemu_driver.c
@@ -917,8 +917,9 @@ qemudOpenMonitorUnix(virConnectPtr conn,
if (ret == 0)
break;
- if (errno == ENOENT || errno == ECONNREFUSED) {
+ if (errno == ENOENT || errno == EACCES || errno == ECONNREFUSED) {
/* ENOENT : Socket may not have shown up yet
+ * EACCES : acces is not yet granted
* ECONNREFUSED : Leftover socket hasn't been removed yet */
continue;
}
NACK, this is not going to help.
The error message is coming from QEMU itself, unable to bind() to the
socket. THis code is in libvirtd attempting to connect() to the socket.
So this isn't where the bug is. In any case if permissions aren't
correct, retrying isn't going to magically make them work.
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
5:32 a.m.
On Thu, 2009-07-30 at 11:24 +0100, Daniel P. Berrange wrote:
The error message is coming from QEMU itself, unable to bind() to
the
socket. THis code is in libvirtd attempting to connect() to the socket.
So this isn't where the bug is. In any case if permissions aren't
correct, retrying isn't going to magically make them work.
There spec file screwage probably caused permissions problems; they
should be fixed in the latest snapshot builds.
Cheers,
Mark.
3:48 a.m.
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
I use Ovirt under Fedora 11 with the latest developpement package
and the VM
creation failed with :
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
See the logs :
[...]
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
qemu: could not open monitor device
'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <==
libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-qpid-0.2.17-0.fc11.x86_64
Very likely to be the issue this week about qemu domain startup,
see
https://www.redhat.com/archives/libvir-list/2009-July/msg00937.html
and yesterday's message
https://www.redhat.com/archives/libvir-list/2009-July/msg01002.html
so try out the new version please,
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
6:22 a.m.
On Thu, Jul 30, 2009 at 10:48:30AM +0200, Daniel Veillard wrote:
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon
wrote:
> I use Ovirt under Fedora 11 with the latest developpement package and the VM
> creation failed with :
> bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
>
> See the logs :
[...]
> bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
> qemu: could not open monitor device
> 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
>
> ==> # rpm -qa | grep libvirt <==
> libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-qpid-0.2.17-0.fc11.x86_64
>
Very likely to be the issue this week about qemu domain startup,
see
https://www.redhat.com/archives/libvir-list/2009-July/msg00937.html
and yesterday's message
https://www.redhat.com/archives/libvir-list/2009-July/msg01002.html
so try out the new version please,
More specifically, could you try to upgrade your libvirt-* rpms to the
ones there and report if this fixes the issue ?
http://kojipkgs.fedoraproject.org/packages/libvirt/0.7.0/0.7.gite195b43.f...
thanks !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/
7:18 a.m.
Le jeudi 30 juillet 2009 13:22:45, Daniel Veillard a écrit :
On Thu, Jul 30, 2009 at 10:48:30AM +0200, Daniel Veillard wrote:
> On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
> > I use Ovirt under Fedora 11 with the latest developpement package and
> > the VM creation failed with :
> > bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
> >
> > See the logs :
>
> [...]
>
> > bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
> > qemu: could not open monitor device
> > 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
> >
> > ==> # rpm -qa | grep libvirt <==
> > libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-qpid-0.2.17-0.fc11.x86_64
>
> Very likely to be the issue this week about qemu domain startup,
> see
> https://www.redhat.com/archives/libvir-list/2009-July/msg00937.html
> and yesterday's message
> https://www.redhat.com/archives/libvir-list/2009-July/msg01002.html
>
> so try out the new version please,
More specifically, could you try to upgrade your libvirt-* rpms to the
ones there and report if this fixes the issue ?
http://kojipkgs.fedoraproject.org/packages/libvirt/0.7.0/0.7.gite195b43.fc1
2/
I am under fedora 11, so I rpmbuild --rebuild
http://kojipkgs.fedoraproject.org/packages/libvirt/0.7.0/0.7.gite195b43.f...
I upgraded my ovirt-nodes
rpm -Uvh libvirt-*rpm
restart the libvirtd and libvirt-qpid services and I still have the same error messages.
Jul 30 12:08:08 node62 libvirtd: 12:08:08.044: info : qemudDispatchSignalEvent:370 :
Received unexpected signal 17
Jul 30 12:08:08 node62 kernel: device vnet0 entered promiscuous mode
Jul 30 12:08:08 node62 kernel: breth0: port 2(vnet0) entering learning state
Jul 30 12:08:08 node62 libvirtd: 12:08:08.050: info : qemudDispatchSignalEvent:370 :
Received unexpected signal 17
Jul 30 12:08:08 node62 kernel: breth0: port 2(vnet0) entering disabled state
Jul 30 12:08:08 node62 kernel: device vnet0 left promiscuous mode
Jul 30 12:08:08 node62 kernel: breth0: port 2(vnet0) entering disabled state
Jul 30 12:08:08 node62 libvirtd: 12:08:08.150: error : qemudReadLogOutput:816 : internal
error Process exited while reading console log output
Jul 30 12:08:08 node62 libvirtd: 12:08:08.151: error : qemudWaitForMonitor:1103 : internal
error unable to start guest: bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission
denied#012qemu:
could not open monitor device
'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'#012
Jul 30 12:08:08 node62 libvirtd: 12:08:08.249: error : qemudDomainLookupByUUID:2644 :
Domain not found: no domain with matching uuid
'492f836f-5123-e185-39c2-09c5dd43a7f6'
Jul 30 12:08:08 node62 libvirt-qpid: Error: virDomainLookupByUUIDString Subsystem qemu:
Domain not found: no domain with matching uuid
'492f836f-5123-e185-39c2-09c5dd43a7f6' in
NodeWrap.cpp:syncDomains:241 code: 42
but now :
rpm -qa | grep libvirt
libvirt-0.7.0-0.7.gite195b43.fc11.x86_64
libvirt-qpid-0.2.17-0.fc11.x86_64
libvirt-client-0.7.0-0.7.gite195b43.fc11.x86_64
libvirt-python-0.7.0-0.7.gite195b43.fc11.x86_64
I try to chmod 777 /var/run/libvirt/qemu/
--> same issue
I try to force the root user in /etc/libvirt/qemu.conf
--> idem
I search a way to cleanly disable SElinux on the ovirt-node to see
what happened in this case.
--
Pierre-Gilles Mialon
Linagora :: http://www.linagora.com
Responsable hébergement :: Head of Hosting services
pmialon(a)linagora.com :: +33.1 58 18 65 46
5:26 a.m.
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
I use Ovirt under Fedora 11 with the latest developpement package
and the VM
creation failed with :
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
==> /var/log/libvirt/qemu/VM-4.log <==
LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root
/usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid 492f836f-5123-
e185-39c2-09c5dd43a7f6 -monitor
unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net
nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net
tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 0.0.0.0:0 -
vga cirrus
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
qemu: could not open monitor device
'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <==
libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
libvirt-qpid-0.2.17-0.fc11.x86_64
Is SELinux in enforcing mode ? It is quite likley that we'll need to
update the policy to allow QEMU to use UNIX domain sockets here, since
historically we've only had to allow PTYs.
If SELinux isn't enforcing,t hen the other candidate is that the QEMU
driver is configured to run VMs are 'qemu' user account, and the
/var/run/libvirt/qemu directory is mistakenly owned by 'root'
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
8:36 a.m.
Le jeudi 30 juillet 2009 12:26:57, Daniel P. Berrange a écrit :
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon
wrote:
> I use Ovirt under Fedora 11 with the latest developpement package and
> the VM creation failed with :
> bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
>
>
> ==> /var/log/libvirt/qemu/VM-4.log <==
> LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root
> LOGNAME=root /usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid
> 492f836f-5123- e185-39c2-09c5dd43a7f6 -monitor
> unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net
> nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net
> tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc
> 0.0.0.0:0 - vga cirrus
> bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
> qemu: could not open monitor device
> 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
>
> ==> # rpm -qa | grep libvirt <==
> libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
> libvirt-qpid-0.2.17-0.fc11.x86_64
Is SELinux in enforcing mode ? It is quite likley that we'll need to
update the policy to allow QEMU to use UNIX domain sockets here, since
historically we've only had to allow PTYs.
Yes it was, disabling SELinux fix it...
I tried to put it in permissive mode and it works too.
Thanks !
--
Pierre-Gilles Mialon
Linagora :: http://www.linagora.com
Responsable hébergement :: Head of Hosting services
pmialon(a)linagora.com :: +33.1 58 18 65 46
8:49 a.m.
On Thu, Jul 30, 2009 at 03:36:37PM +0200, Pierre-Gilles Mialon wrote:
Le jeudi 30 juillet 2009 12:26:57, Daniel P. Berrange a écrit :
> On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
> > I use Ovirt under Fedora 11 with the latest developpement package and
> > the VM creation failed with :
> > bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
> >
> >
> > ==> /var/log/libvirt/qemu/VM-4.log <==
> > LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root
> > LOGNAME=root /usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid
> > 492f836f-5123- e185-39c2-09c5dd43a7f6 -monitor
> > unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net
> > nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net
> > tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc
> > 0.0.0.0:0 - vga cirrus
> > bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
> > qemu: could not open monitor device
> > 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
> >
> > ==> # rpm -qa | grep libvirt <==
> > libvirt-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64
> > libvirt-qpid-0.2.17-0.fc11.x86_64
>
> Is SELinux in enforcing mode ? It is quite likley that we'll need to
> update the policy to allow QEMU to use UNIX domain sockets here, since
> historically we've only had to allow PTYs.
Yes it was, disabling SELinux fix it...
I tried to put it in permissive mode and it works too.
Ok, can you file a bug against 'selinux-policy', requesting that the
policy allow QEMU guests the ability to bind/listen to UNIX sockets
under /var/run/libvirt/qemu
Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
5593
days inactive
5593
days old
11 comments
5 participants
participants (5)
-
Daniel P. Berrange -
Daniel Veillard -
Mark McLoughlin -
Pierre-Gilles Mialon -
Ryota Ozaki