Hi Martin,
Thanks for the guidance. Ultimately I determined that this was an AppArmor
issue restricting access to /var/lib/libvirt/images and /var/lib/libvirt/qemu.
I was able to add access to these directories in
/etc/apparmor.d/local/abstractions/libvirt-qemu and then successfully start a
VM (no longer getting the "access denied" message).
Thanks,
Andrew
________________________________
From: Martin Kletzander
Sent: Wednesday, November 20, 2024 8:31 AM
To: Andrew Martin
Cc: users(a)lists.libvirt.org
Subject: Re: Set permissions and ownership of disk image created by vol-upload
On Tue, Nov 19, 2024 at 07:01:39PM +0000, Andrew Martin wrote:
Hello,
I am using libvirt 8.0 on Ubuntu 22.04 and would like to utilize the vol-upload
command to upload a disk image:
https://www.libvirt.org/manpages/virsh.html#vol-upload
I am using the "directory" storage pool type:
https://libvirt.org/storage.html#directory-pool
However, when uploading the disk image, it gets written with octal permissions
0600 and owner root:root. Ideally I'd like this file to be owned by
libvirt-qemu:libvirt-qemu with permissions 0660 so that the group can read it.
I've tried the following, none of which seem to alter the owner or permissions:
- change the umask in the libvirtd systemd unit
- edit the user, group, and dynamic_ownership settings in /etc/libvirt/qemu.conf
- run "virsh pool-edit default" and change the <mode>, <owner>, or
<group> tags
How can I configure libvirtd to create these uploaded files with the desired
permissions and ownership?
Use virsh vol-create <pool> <volume.xml> where the volume xml looks
something like this (adjust to your liking):
<volume>
<name>perms.img</name>
<capacity unit='M'>100</capacity>
<target>
<path>/var/lib/libvirt/images/perms.img</path>
<format type='raw'/>
<permissions>
<mode>0755</mode>
<owner>77</owner>
<group>77</group>
</permissions>
</target>
</volume>
And then use virsh vol-upload to populate the volume with what you want.
That ought to be enough.
HTH,
Martin
Thanks,
Andrew