On 4/12/2016 4:36 PM, Martin Kletzander wrote:
On Tue, Apr 12, 2016 at 10:29:29PM +0200, Martin Kletzander wrote:
On Tue, Apr 12, 2016 at 03:55:45PM -0400, TomK wrote:
On 4/12/2016 3:40 PM, Martin Kletzander wrote:
[ I would be way easier to reply if you didn't top-post ]
On Tue, Apr 12, 2016 at 12:07:50PM -0400, TomK wrote:
On 4/12/2016 11:45 AM, John Ferlan wrote:
What got my attention was the error message "initializing FS storage file" with the "file:" prefix to the name and 9869:9869 as the uid:gid trying to access the file (I assume that's oneadmin:oneadmin on your system).
I totally missed this. So the only thing that popped on my mind now was checking the whole path:
ls -ld /var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}}
You can also run it as root and oneadmin, however after reading through all the info again, I don't think that'll help.
I top post by default in thunderbird and we have same setup at work with M$ LookOut. Old habits are to blame I guess. I'll try to reply like this instead. But yeah it's terrible for mailing lists to top post. Here's the output and thanks again:
[oneadmin@mdskvm-p01 ~]$ ls -ld /var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}} drwxr-xr-x. 21 root root 4096 Apr 11 07:10 /var drwxr-xr-x. 45 root root 4096 Apr 12 07:58 /var/lib drwxr-x--- 12 oneadmin oneadmin 4096 Apr 12 15:50 /var/lib/one
Look ^^, maybe for a quick workaround you could try doing:
chmod o+rx /var/lib/one
Actually, o+x ought to be enough.
Let me know if that does the trick (at least for now).
drwxrwxr-x 6 oneadmin oneadmin 46 Mar 31 02:44 /var/lib/one/datastores drwxrwxr-x 6 oneadmin oneadmin 42 Apr 5 00:20 /var/lib/one/datastores/0 drwxrwxr-x 2 oneadmin oneadmin 68 Apr 5 00:20 /var/lib/one/datastores/0/38 -rw-r--r-- 1 oneadmin oneadmin 372736 Apr 5 00:20 /var/lib/one/datastores/0/38/disk.1 [oneadmin@mdskvm-p01 ~]$
That's the default setting but I think I see what you're getting at that permissions get inherited?
No, I just think you need eXecute on all parent directories. That shouldn't hinder your security and could help.
Cheers, Tom K. -------------------------------------------------------------------------------------
Living on earth is expensive, but it includes a free trip around the sun.
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
The execute permissions did the trick to allow creation. So that's good. There's still the write and I'm thinking you intend this as a workaround since oneadmin should be able to write in there with other being --- . The auto deployment of cloud virtuals would still fail then when writes are attempted. [oneadmin@mdskvm-p01 ~]$ virsh -d 1 --connect qemu:///system create /var/lib/one//datastores/0/38/deployment.0 create: file(optdata): /var/lib/one//datastores/0/38/deployment.0 Domain one-38 created from /var/lib/one//datastores/0/38/deployment.0 [oneadmin@mdskvm-p01 ~]$ Now should this work without any permissions on other for the unprivileged user oneadmin? Thinking Yes per John Forlan's reply? [oneadmin@mdskvm-p01 0]$ virsh -d 1 --connect qemu:///system create /var/lib/one//datastores/0/24/deployment.0 create: file(optdata): /var/lib/one//datastores/0/24/deployment.0 error: Failed to create domain from /var/lib/one//datastores/0/24/deployment.0 error: can't canonicalize path '/var/lib/one//datastores/0/24/disk.1': Permission denied [oneadmin@mdskvm-p01 0]$ Cheers, Tom K. ------------------------------------------------------------------------------------- Living on earth is expensive, but it includes a free trip around the sun.