[libvirt] VM creation failed : Permission denied : bind(unix:/var/run/libvirt/qemu//VM.monitor)
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied See the logs : On the Ovirt Node ==> /var/log/messages <== Jul 29 20:43:37 node62 kernel: device vnet0 entered promiscuous mode Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering learning state Jul 29 20:43:37 node62 libvirtd: 20:43:37.873: info : qemudDispatchSignalEvent:370 : Received unexpected signal 17 Jul 29 20:43:37 node62 libvirtd: 20:43:37.877: info : qemudDispatchSignalEvent:370 : Received unexpected signal 17 Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering disabled state Jul 29 20:43:37 node62 kernel: device vnet0 left promiscuous mode Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering disabled state Jul 29 20:43:37 node62 libvirtd: 20:43:37.977: error : qemudReadLogOutput:816 : internal error Process exited while reading console log output Jul 29 20:43:37 node62 libvirtd: 20:43:37.977: error : qemudWaitForMonitor:1103 : internal error unable to start guest: bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied#012qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'#012 Jul 29 20:43:38 node62 libvirtd: 20:43:38.073: error : qemudDomainLookupByUUID:2644 : Domain not found: no domain with matching uuid '492f836f-5123-e185-39c2-09c5dd43a7f6' Jul 29 20:43:38 node62 libvirt-qpid: Error: virDomainLookupByUUIDString Subsystem qemu: Domain not found: no domain with matching uuid '492f836f-5123- e185-39c2-09c5dd43a7f6' in NodeWrap.cpp:syncDomains:241 code: 42 ==> /var/log/libvirt/qemu/VM-4.log <== LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root /usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid 492f836f-5123- e185-39c2-09c5dd43a7f6 -monitor unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 0.0.0.0:0 - vga cirrus bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait' ==> # rpm -qa | grep libvirt <== libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64 Regards -- Pierre-Gilles Mialon Linagora :: http://www.linagora.com Responsable hébergement :: Head of Hosting services pmialon@linagora.com :: +33.1 58 18 65 46
On Thu, Jul 30, 2009 at 5:33 PM, Pierre-Gilles Mialon<pmialon@linagora.com> wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
Ugh, this is a regression introduced by my patch... (see [PATCH] qemu: fix monitor socket reconnection) Eventually we need to add ENOENT to errno checks, not replace EACCES with ENOENT, I'm not sure why EACCES happens though. Anyone knows that? ozaki-r
See the logs :
On the Ovirt Node ==> /var/log/messages <== Jul 29 20:43:37 node62 kernel: device vnet0 entered promiscuous mode Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering learning state Jul 29 20:43:37 node62 libvirtd: 20:43:37.873: info : qemudDispatchSignalEvent:370 : Received unexpected signal 17 Jul 29 20:43:37 node62 libvirtd: 20:43:37.877: info : qemudDispatchSignalEvent:370 : Received unexpected signal 17 Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering disabled state Jul 29 20:43:37 node62 kernel: device vnet0 left promiscuous mode Jul 29 20:43:37 node62 kernel: breth0: port 2(vnet0) entering disabled state Jul 29 20:43:37 node62 libvirtd: 20:43:37.977: error : qemudReadLogOutput:816 : internal error Process exited while reading console log output Jul 29 20:43:37 node62 libvirtd: 20:43:37.977: error : qemudWaitForMonitor:1103 : internal error unable to start guest: bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied#012qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'#012 Jul 29 20:43:38 node62 libvirtd: 20:43:38.073: error : qemudDomainLookupByUUID:2644 : Domain not found: no domain with matching uuid '492f836f-5123-e185-39c2-09c5dd43a7f6' Jul 29 20:43:38 node62 libvirt-qpid: Error: virDomainLookupByUUIDString Subsystem qemu: Domain not found: no domain with matching uuid '492f836f-5123- e185-39c2-09c5dd43a7f6' in NodeWrap.cpp:syncDomains:241 code: 42
==> /var/log/libvirt/qemu/VM-4.log <== LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root /usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid 492f836f-5123- e185-39c2-09c5dd43a7f6 -monitor unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 0.0.0.0:0 - vga cirrus bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <== libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Regards
-- Pierre-Gilles Mialon Linagora :: http://www.linagora.com Responsable hébergement :: Head of Hosting services pmialon@linagora.com :: +33.1 58 18 65 46
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Thu, Jul 30, 2009 at 05:44:41PM +0900, Ryota Ozaki wrote:
On Thu, Jul 30, 2009 at 5:33 PM, Pierre-Gilles Mialon<pmialon@linagora.com> wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
Ugh, this is a regression introduced by my patch... (see [PATCH] qemu: fix monitor socket reconnection)
Eventually we need to add ENOENT to errno checks, not replace EACCES with ENOENT, I'm not sure why EACCES happens though. Anyone knows that? [...]
libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Unclear, he's using the prerelease code from monday, not the one with the EACCES -> ENOENT replacement patch. One possibility for EACCES could be if the socket creation in qemu was done with a mode not allowing access and modified in subsequent code, allowing for a small windows where EACCES would be returned. Someone should check qemu code. I think allowing again retry on EACCES should be fine anyway, I don't see how that could break things, we would just hit a time out in the worst case where access is never granted. So my take is to just do the enclosed patch, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
On Thu, Jul 30, 2009 at 5:57 PM, Daniel Veillard<veillard@redhat.com> wrote:
On Thu, Jul 30, 2009 at 05:44:41PM +0900, Ryota Ozaki wrote:
On Thu, Jul 30, 2009 at 5:33 PM, Pierre-Gilles Mialon<pmialon@linagora.com> wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
Ugh, this is a regression introduced by my patch... (see [PATCH] qemu: fix monitor socket reconnection)
Eventually we need to add ENOENT to errno checks, not replace EACCES with ENOENT, I'm not sure why EACCES happens though. Anyone knows that? [...]
libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Unclear, he's using the prerelease code from monday, not the one with the EACCES -> ENOENT replacement patch.
Sorry, I missed it...
One possibility for EACCES could be if the socket creation in qemu was done with a mode not allowing access and modified in subsequent code, allowing for a small windows where EACCES would be returned. Someone should check qemu code. I think allowing again retry on EACCES should be fine anyway, I don't see how that could break things, we would just hit a time out in the worst case where access is never granted.
I'm too eager to conclusion and I thought it an error in libvirtd, but yes, it's an error in qemu. With short viewing, qemu looks doing nothing for granting access permissions in its code so the time out likely to happen. Thus, I'm suspecting that qemu does not have access permission to /var/run/libvirt/qemu/ (or selinux). ozaki-r
So my take is to just do the enclosed patch,
Daniel
-- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
On Thu, Jul 30, 2009 at 10:57:53AM +0200, Daniel Veillard wrote:
On Thu, Jul 30, 2009 at 05:44:41PM +0900, Ryota Ozaki wrote:
On Thu, Jul 30, 2009 at 5:33 PM, Pierre-Gilles Mialon<pmialon@linagora.com> wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
Ugh, this is a regression introduced by my patch... (see [PATCH] qemu: fix monitor socket reconnection)
Eventually we need to add ENOENT to errno checks, not replace EACCES with ENOENT, I'm not sure why EACCES happens though. Anyone knows that? [...]
libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Unclear, he's using the prerelease code from monday, not the one with the EACCES -> ENOENT replacement patch.
One possibility for EACCES could be if the socket creation in qemu was done with a mode not allowing access and modified in subsequent code, allowing for a small windows where EACCES would be returned. Someone should check qemu code. I think allowing again retry on EACCES should be fine anyway, I don't see how that could break things, we would just hit a time out in the worst case where access is never granted.
diff --git a/src/qemu_driver.c b/src/qemu_driver.c index 9fb8506..1877cc0 100644 --- a/src/qemu_driver.c +++ b/src/qemu_driver.c @@ -917,8 +917,9 @@ qemudOpenMonitorUnix(virConnectPtr conn, if (ret == 0) break;
- if (errno == ENOENT || errno == ECONNREFUSED) { + if (errno == ENOENT || errno == EACCES || errno == ECONNREFUSED) { /* ENOENT : Socket may not have shown up yet + * EACCES : acces is not yet granted * ECONNREFUSED : Leftover socket hasn't been removed yet */ continue; }
NACK, this is not going to help. The error message is coming from QEMU itself, unable to bind() to the socket. THis code is in libvirtd attempting to connect() to the socket. So this isn't where the bug is. In any case if permissions aren't correct, retrying isn't going to magically make them work. Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
On Thu, 2009-07-30 at 11:24 +0100, Daniel P. Berrange wrote:
The error message is coming from QEMU itself, unable to bind() to the socket. THis code is in libvirtd attempting to connect() to the socket. So this isn't where the bug is. In any case if permissions aren't correct, retrying isn't going to magically make them work.
There spec file screwage probably caused permissions problems; they should be fixed in the latest snapshot builds. Cheers, Mark.
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
See the logs : [...] bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <== libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Very likely to be the issue this week about qemu domain startup, see https://www.redhat.com/archives/libvir-list/2009-July/msg00937.html and yesterday's message https://www.redhat.com/archives/libvir-list/2009-July/msg01002.html so try out the new version please, Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
On Thu, Jul 30, 2009 at 10:48:30AM +0200, Daniel Veillard wrote:
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
See the logs : [...] bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <== libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Very likely to be the issue this week about qemu domain startup, see https://www.redhat.com/archives/libvir-list/2009-July/msg00937.html and yesterday's message https://www.redhat.com/archives/libvir-list/2009-July/msg01002.html
so try out the new version please,
More specifically, could you try to upgrade your libvirt-* rpms to the ones there and report if this fixes the issue ? http://kojipkgs.fedoraproject.org/packages/libvirt/0.7.0/0.7.gite195b43.fc12... thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@veillard.com | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/
Le jeudi 30 juillet 2009 13:22:45, Daniel Veillard a écrit :
On Thu, Jul 30, 2009 at 10:48:30AM +0200, Daniel Veillard wrote:
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
See the logs :
[...]
bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <== libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Very likely to be the issue this week about qemu domain startup, see https://www.redhat.com/archives/libvir-list/2009-July/msg00937.html and yesterday's message https://www.redhat.com/archives/libvir-list/2009-July/msg01002.html
so try out the new version please,
More specifically, could you try to upgrade your libvirt-* rpms to the ones there and report if this fixes the issue ?
http://kojipkgs.fedoraproject.org/packages/libvirt/0.7.0/0.7.gite195b43.fc1 2/
I am under fedora 11, so I rpmbuild --rebuild http://kojipkgs.fedoraproject.org/packages/libvirt/0.7.0/0.7.gite195b43.fc12... I upgraded my ovirt-nodes rpm -Uvh libvirt-*rpm restart the libvirtd and libvirt-qpid services and I still have the same error messages. Jul 30 12:08:08 node62 libvirtd: 12:08:08.044: info : qemudDispatchSignalEvent:370 : Received unexpected signal 17 Jul 30 12:08:08 node62 kernel: device vnet0 entered promiscuous mode Jul 30 12:08:08 node62 kernel: breth0: port 2(vnet0) entering learning state Jul 30 12:08:08 node62 libvirtd: 12:08:08.050: info : qemudDispatchSignalEvent:370 : Received unexpected signal 17 Jul 30 12:08:08 node62 kernel: breth0: port 2(vnet0) entering disabled state Jul 30 12:08:08 node62 kernel: device vnet0 left promiscuous mode Jul 30 12:08:08 node62 kernel: breth0: port 2(vnet0) entering disabled state Jul 30 12:08:08 node62 libvirtd: 12:08:08.150: error : qemudReadLogOutput:816 : internal error Process exited while reading console log output Jul 30 12:08:08 node62 libvirtd: 12:08:08.151: error : qemudWaitForMonitor:1103 : internal error unable to start guest: bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied#012qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'#012 Jul 30 12:08:08 node62 libvirtd: 12:08:08.249: error : qemudDomainLookupByUUID:2644 : Domain not found: no domain with matching uuid '492f836f-5123-e185-39c2-09c5dd43a7f6' Jul 30 12:08:08 node62 libvirt-qpid: Error: virDomainLookupByUUIDString Subsystem qemu: Domain not found: no domain with matching uuid '492f836f-5123-e185-39c2-09c5dd43a7f6' in NodeWrap.cpp:syncDomains:241 code: 42 but now : rpm -qa | grep libvirt libvirt-0.7.0-0.7.gite195b43.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64 libvirt-client-0.7.0-0.7.gite195b43.fc11.x86_64 libvirt-python-0.7.0-0.7.gite195b43.fc11.x86_64 I try to chmod 777 /var/run/libvirt/qemu/ --> same issue I try to force the root user in /etc/libvirt/qemu.conf --> idem I search a way to cleanly disable SElinux on the ovirt-node to see what happened in this case. -- Pierre-Gilles Mialon Linagora :: http://www.linagora.com Responsable hébergement :: Head of Hosting services pmialon@linagora.com :: +33.1 58 18 65 46
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
==> /var/log/libvirt/qemu/VM-4.log <== LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root /usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid 492f836f-5123- e185-39c2-09c5dd43a7f6 -monitor unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 0.0.0.0:0 - vga cirrus bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <== libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Is SELinux in enforcing mode ? It is quite likley that we'll need to update the policy to allow QEMU to use UNIX domain sockets here, since historically we've only had to allow PTYs. If SELinux isn't enforcing,t hen the other candidate is that the QEMU driver is configured to run VMs are 'qemu' user account, and the /var/run/libvirt/qemu directory is mistakenly owned by 'root' Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
Le jeudi 30 juillet 2009 12:26:57, Daniel P. Berrange a écrit :
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
==> /var/log/libvirt/qemu/VM-4.log <== LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root /usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid 492f836f-5123- e185-39c2-09c5dd43a7f6 -monitor unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 0.0.0.0:0 - vga cirrus bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <== libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Is SELinux in enforcing mode ? It is quite likley that we'll need to update the policy to allow QEMU to use UNIX domain sockets here, since historically we've only had to allow PTYs.
Yes it was, disabling SELinux fix it... I tried to put it in permissive mode and it works too. Thanks ! -- Pierre-Gilles Mialon Linagora :: http://www.linagora.com Responsable hébergement :: Head of Hosting services pmialon@linagora.com :: +33.1 58 18 65 46
On Thu, Jul 30, 2009 at 03:36:37PM +0200, Pierre-Gilles Mialon wrote:
Le jeudi 30 juillet 2009 12:26:57, Daniel P. Berrange a écrit :
On Thu, Jul 30, 2009 at 10:33:31AM +0200, Pierre-Gilles Mialon wrote:
I use Ovirt under Fedora 11 with the latest developpement package and the VM creation failed with : bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied
==> /var/log/libvirt/qemu/VM-4.log <== LC_ALL=C PATH=/sbin:/usr/sbin:/bin:/usr/bin HOME=/root USER=root LOGNAME=root /usr/bin/qemu-kvm -S -M pc -m 256 -smp 1 -name VM-4 -uuid 492f836f-5123- e185-39c2-09c5dd43a7f6 -monitor unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait -boot n -net nic,macaddr=00:16:3e:10:de:fe,vlan=0,name=nic.0 -net tap,fd=18,vlan=0,name=tap.0 -serial pty -parallel none -usb -vnc 0.0.0.0:0 - vga cirrus bind(unix:/var/run/libvirt/qemu//VM-4.monitor): Permission denied qemu: could not open monitor device 'unix:/var/run/libvirt/qemu//VM-4.monitor,server,nowait'
==> # rpm -qa | grep libvirt <== libvirt-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-python-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-client-0.7.0-0.2.gitf055724.fc11.x86_64 libvirt-qpid-0.2.17-0.fc11.x86_64
Is SELinux in enforcing mode ? It is quite likley that we'll need to update the policy to allow QEMU to use UNIX domain sockets here, since historically we've only had to allow PTYs.
Yes it was, disabling SELinux fix it...
I tried to put it in permissive mode and it works too.
Ok, can you file a bug against 'selinux-policy', requesting that the policy allow QEMU guests the ability to bind/listen to UNIX sockets under /var/run/libvirt/qemu Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
participants (5)
-
Daniel P. Berrange -
Daniel Veillard -
Mark McLoughlin -
Pierre-Gilles Mialon -
Ryota Ozaki