Re: Libvirt + Debian Live = Heart Attack
On 11/24/21 16:01, Elias Mobery wrote:
Hello Michal, thank you for the reply!
I've carefully tested everything you suggested, thanks.
I set dynamic_ownership=0 and use these hooks during the live build for
permissions. (I googled a lot, and apparently libvirt needs the images
to be executable too)
chown -R libvirt-qemu:kvm /var/lib/libvirt/images
chmod -R g+rwx /var/lib/libvirt/images
I don't think this is correct. I don't have any of my images executable
and still run VMs happily.
Booting the live debian iso everything works in virt-manager, but again,
after clicking "run", a copy of the vm image is created in
/run/live/overlay/rw/var/lib/libvirt/images and only then does the VM start.
So who/what creates this copy? Is this a feature of underlying FS or
what exactly? It's definitely not libvirt who creates those copies.
Either it's still being chowned or chmodded somehow, or it's something
else, but I can't stop this copy being made.
Interestingly, when I boot the Live debian iso and then copy the images
into /var/lib/libvirt/images from my USB stick, the VM starts
immediately without creating any copies in the /run/live.... directory.
So my guess is that maybe the squashfs could be the issue?
Editing the XML
<source file='/var/lib/libvirt/images/vm1.qcow2'>
<seclabel relabel='no'/>
</source>
This results in an error:
Unsupported Configuration:
Security driver model 'null' not available>
Here I tried setting security_driver=none in qemu.conf but same error after.
</devices>
<seclabel type='none'/>
</domain>
This should have been:
<seclabel type='none' model='dac'/>
and if you are running with SELinux you want to repeat that for
model='selinux' too.
Michal