Re: [libvirt-users] [libvirt] Libvirtd running as root tries to access oneadmin (OpenNebula) NFS mount but throws: error: can’t canonicalize path

On Tue, Apr 12, 2016 at 03:55:45PM -0400, TomK wrote: >On 4/12/2016 3:40 PM, Martin Kletzander wrote: >> [ I would be way easier to reply if you didn't top-post ] >> >> On Tue, Apr 12, 2016 at 12:07:50PM -0400, TomK wrote: >>> On 4/12/2016 11:45 AM, John Ferlan wrote: >>>> What got my attention was the error message "initializing FS storage >>>> file" with the "file:" prefix to the name and 9869:9869 as the uid:gid >>>> trying to access the file (I assume that's oneadmin:oneadmin on your >>>> system). >>>> >> >> I totally missed this. So the only thing that popped on my mind now was >> checking the whole path: >> >> ls -ld /var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}} >> >> You can also run it as root and oneadmin, however after reading through >> all the info again, I don't think that'll help. >> >I top post by default in thunderbird and we have same setup at work with >M$ LookOut. Old habits are to blame I guess. I'll try to reply like >this instead. But yeah it's terrible for mailing lists to top post. >Here's the output and thanks again: > >[oneadmin@mdskvm-p01 ~]$ ls -ld >/var{,/lib{,/one{,/datastores{,/0{,/38{,/disk.1}}}}}} >drwxr-xr-x. 21 root root 4096 Apr 11 07:10 /var >drwxr-xr-x. 45 root root 4096 Apr 12 07:58 /var/lib >drwxr-x--- 12 oneadmin oneadmin 4096 Apr 12 15:50 /var/lib/one Look ^^, maybe for a quick workaround you could try doing: chmod o+rx /var/lib/one

Let me know if that does the trick (at least for now). >drwxrwxr-x 6 oneadmin oneadmin 46 Mar 31 02:44 /var/lib/one/datastores >drwxrwxr-x 6 oneadmin oneadmin 42 Apr 5 00:20 >/var/lib/one/datastores/0 >drwxrwxr-x 2 oneadmin oneadmin 68 Apr 5 00:20 >/var/lib/one/datastores/0/38 >-rw-r--r-- 1 oneadmin oneadmin 372736 Apr 5 00:20 >/var/lib/one/datastores/0/38/disk.1 >[oneadmin@mdskvm-p01 ~]$ > >That's the default setting but I think I see what you're getting at that >permissions get inherited? > No, I just think you need eXecute on all parent directories. That shouldn't hinder your security and could help. >Cheers, >Tom K. >------------------------------------------------------------------------------------- > > >Living on earth is expensive, but it includes a free trip around the sun. >

-- libvir-list mailing list libvir-list(a)redhat.com https://www.redhat.com/mailman/listinfo/libvir-list