On Wed, Feb 15, 2017 at 02:25:12PM +0100, Hans-Christoph Steiner wrote:
I'm using libvirt on Debian/stretch (testing) with vagrant and the
vagrant-libvirt plugin. When I import a vagrant box (jessie64.box), the
resulting file permssions let anyone in the "kvm" group read the img.
But when I build upon that box, only root can read it:
I don't have any Vagrant experience, but if you have a file that any VM
(with qemu://system) is using, by default libvirt will make sure the VM
can use it and after that, set it to root:root. The proper way would be
setting it to permssions that it had before. We're dealing with this
for a couple of years now. It's still unfixed because we're trying to
fix every single corner-case and also there are so many things to
consider.
Anyway, if you will make sure that qemu can access it, you can disable
the automatic dynamic relabelling (either for the disk in the domain XML
by saying <seclabel ... relabel="no"/> for the disk or the whole domain
or all domains by setting dynamic_ownership to 0 in qemu.conf).
HTH,
Martin
-rw------- 1 root root 20198785024 Sep 19 18:19
buildserver_default.img
-rwxr--r-- 1 libvirt-qemu kvm 2148663296 Sep 5 22:55
jessie64_vagrant_box_image_0.img
How can I control those file permissions as a regular user in the
libvirtd group? I need to read that image in order to use qemu-img to
rebase and create a new vagrant box. The current `vagrant package`
command only works with VirtualBox VMs, but its easy to make a .box if
you have read access to the libvirt QEMU .img file.
/etc/libvirt/storage/default.xml says:
<target>
<path>/var/lib/libvirt/images</path>
<permissions>
<mode>0755</mode>
</permissions>
</target>
You can find the context for this work here:
https://gitlab.com/fdroid/fdroidserver/issues/238
.hc
--
PGP fingerprint: EE66 20C7 136B 0D2C 456C 0A4D E9E2 8DEA 00AA 5556
https://pgp.mit.edu/pks/lookup?op=vindex&search=0xE9E28DEA00AA5556
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users