5:09 p.m.
On 4/12/2016 4:36 PM, Martin Kletzander wrote:
On Tue, Apr 12, 2016 at 10:29:29PM +0200, Martin Kletzander wrote:
> On Tue, Apr 12, 2016 at 03:55:45PM -0400, TomK wrote:
>> On 4/12/2016 3:40 PM, Martin Kletzander wrote:
>>> [ I would be way easier to reply if you didn't top-post ]
>>>
>>> On Tue, Apr 12, 2016 at 12:07:50PM -0400, TomK wrote:
>>>> On 4/12/2016 11:45 AM, John Ferlan wrote:
>>>>> What got my attention was the error message "initializing FS
storage
>>>>> file" with the "file:" prefix to the name and
9869:9869 as the
>>>>> uid:gid
>>>>> trying to access the file (I assume that's oneadmin:oneadmin on
your
>>>>> system).
>>>>>
>>>
>>> I totally missed this. So the only thing that popped on my mind
>>> now was
>>> checking the whole path:
>>>
>>> ls -ld /var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
>>>
>>> You can also run it as root and oneadmin, however after reading
>>> through
>>> all the info again, I don't think that'll help.
>>>
>> I top post by default in thunderbird and we have same setup at work
>> with
>> M$ LookOut. Old habits are to blame I guess. I'll try to reply like
>> this instead. But yeah it's terrible for mailing lists to top post.
>> Here's the output and thanks again:
>>
>> [oneadmin@mdskvm-p01 ~]$ ls -ld
>> /var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
>> drwxr-xr-x. 21 root root 4096 Apr 11 07:10 /var
>> drwxr-xr-x. 45 root root 4096 Apr 12 07:58 /var/lib
>> drwxr-x--- 12 oneadmin oneadmin 4096 Apr 12 15:50 /var/lib/one
>
> Look ^^, maybe for a quick workaround you could try doing:
>
> chmod o+rx /var/lib/one
>
Actually, o+x ought to be enough.
> Let me know if that does the trick (at least for now).
>
>> drwxrwxr-x 6 oneadmin oneadmin 46 Mar 31 02:44
>> /var/lib/one/datastores
>> drwxrwxr-x 6 oneadmin oneadmin 42 Apr 5 00:20
>> /var/lib/one/datastores/0
>> drwxrwxr-x 2 oneadmin oneadmin 68 Apr 5 00:20
>> /var/lib/one/datastores/0/38
>> -rw-r--r-- 1 oneadmin oneadmin 372736 Apr 5 00:20
>> /var/lib/one/datastores/0/38/disk.1
>> [oneadmin@mdskvm-p01 ~]$
>>
>> That's the default setting but I think I see what you're getting at
>> that
>> permissions get inherited?
>>
>
> No, I just think you need eXecute on all parent directories. That
> shouldn't hinder your security and could help.
>
>> Cheers,
>> Tom K.
>>
-------------------------------------------------------------------------------------
>>
>>
>>
>> Living on earth is expensive, but it includes a free trip around the
>> sun.
>>
> --
> libvir-list mailing list
> libvir-list(a)redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
The execute permissions did the trick to allow creation. So that's
good. There's still the write and I'm thinking you intend this as a
workaround since oneadmin should be able to write in there with other
being --- . The auto deployment of cloud virtuals would still fail then
when writes are attempted.
[oneadmin@mdskvm-p01 ~]$ virsh -d 1 --connect qemu:///system create
/var/lib/one//datastores/0/38/deployment.0
create: file(optdata): /var/lib/one//datastores/0/38/deployment.0
Domain one-38 created from /var/lib/one//datastores/0/38/deployment.0
[oneadmin@mdskvm-p01 ~]$
Now should this work without any permissions on other for the
unprivileged user oneadmin? Thinking Yes per John Forlan's reply?
[oneadmin@mdskvm-p01 0]$ virsh -d 1 --connect qemu:///system create
/var/lib/one//datastores/0/24/deployment.0
create: file(optdata): /var/lib/one//datastores/0/24/deployment.0
error: Failed to create domain from
/var/lib/one//datastores/0/24/deployment.0
error: can't canonicalize path '/var/lib/one//datastores/0/24/disk.1':
Permission denied
[oneadmin@mdskvm-p01 0]$
Cheers,
Tom K.
-------------------------------------------------------------------------------------
Living on earth is expensive, but it includes a free trip around the sun.