4:01 p.m.
Hi Daniel,
I noticed that the patch "Add support for hotplug/unplug of disk devices in LXC"
you wrote had been merged into libvirt of version 1.0.2.
But when I used this function, it report an error with details as following:
ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml --config
error: Failed to attach device from disk.xml
error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml
error: Failed to attach device from disk.xml
error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
ubuntu@lxc:~$ cat disk.xml
<disk type='block' device='disk'>
<driver type='raw' cache='none'/>
<source dev='/dev/dm-0'/>
<target dev='sdb' bus='scsi'/>
</disk>
ubuntu@lxc:~$ ll /dev/dm-0
brw-rw---- 1 root disk 252, 0 Jul 15 03:39 /dev/dm-0
ubuntu@lxc:~$ dpkg -l|grep libvirt
ii libvirt-bin 1.0.2-0ubuntu11 programs
for the libvirt library
ii libvirt0 1.0.2-0ubuntu11 library
for interfacing with different virtualization systems
ii python-libvirt 1.0.2-0ubuntu11 libvirt
Python bindings
And in this lxc vm, through dmesg the following information can be seen:
ubuntu@lxc2:~$ dmesg
[433287.227288] type=1400 audit(1373874475.861:55): apparmor="DENIED"
operation="mknod" info="Failed name lookup" error=-13 parent=1
profile="/usr/sbin/libvirtd" name="dev/sdb" pid=1541
comm="libvirtd" requested_mask="c" denied_mask="c" fsuid=0
ouid=0
What's the real problem and How can I fix it. I really appreciate your help.
Thanks!
--------------
Best regards!
GuanQiang
2013-07-15
4:33 p.m.
On 07/15/2013 04:01 PM, hzguanqiang wrote:
Hi Daniel,
I noticed that the patch "Add support for hotplug/unplug of disk devices in
LXC" you wrote had been merged into libvirt of version 1.0.2.
But when I used this function, it report an error with details as following:
ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml --config
error: Failed to attach device from disk.xml
error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml
error: Failed to attach device from disk.xml
error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
ubuntu@lxc:~$ cat disk.xml
<disk type='block' device='disk'>
<driver type='raw' cache='none'/>
<source dev='/dev/dm-0'/>
<target dev='sdb' bus='scsi'/>
</disk>
You should use attach-disk not attach-device.
vir attach-disk instance-0000002c /dev/dm-0 sdb
Thanks
5:18 p.m.
Hi, Gao Feng
I've tried what you said, but still exists the problem:
ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
error: Failed to attach disk
error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
I think finding what it means by saying 'Unable to create device
/proc/10366/root/dev/sdb: Permission denied' is the key.
But anyway, thanks for your help!
On 07/15/2013 04:01 PM, hzguanqiang wrote:
> Hi Daniel,
>
> I noticed that the patch "Add support for hotplug/unplug of disk devices in
LXC" you wrote had been merged into libvirt of version 1.0.2.
> But when I used this function, it report an error with details as following:
>
> ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml --config
> error: Failed to attach device from disk.xml
> error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
>
> ubuntu@lxc:~$ vir attach-device instance-0000002c disk.xml
> error: Failed to attach device from disk.xml
> error: Unable to create device /proc/18377/root/dev/sdb: Permission denied
>
> ubuntu@lxc:~$ cat disk.xml
> <disk type='block' device='disk'>
> <driver type='raw' cache='none'/>
> <source dev='/dev/dm-0'/>
> <target dev='sdb' bus='scsi'/>
> </disk>
>
You should use attach-disk not attach-device.
vir attach-disk instance-0000002c /dev/dm-0 sdb
5:32 p.m.
On 07/15/2013 05:18 PM, hzguanqiang wrote:
Hi, Gao Feng
I've tried what you said, but still exists the problem:
ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
error: Failed to attach disk
error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
I think finding what it means by saying 'Unable to create device
/proc/10366/root/dev/sdb: Permission denied' is the key.
But anyway, thanks for your help!
Do you have <idmap> configured for your lxc domain?
I just posted a patchset to fix the problem that failed to create device when user
namespace enabled.
BTW, does it work well if you directly write the configuration to the xml of lxc domain?
Thanks
1:29 p.m.
于 2013/7/15 17:32, Gao feng 写道:
On 07/15/2013 05:18 PM, hzguanqiang wrote:
> Hi, Gao Feng
>
> I've tried what you said, but still exists the problem:
>
> ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
> error: Failed to attach disk
> error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
>
> I think finding what it means by saying 'Unable to create device
/proc/10366/root/dev/sdb: Permission denied' is the key.
> But anyway, thanks for your help!
>
Do you have <idmap> configured for your lxc domain?
I just posted a patchset to fix the problem that failed to create device when user
namespace enabled.
BTW, does it work well if you directly write the configuration to the xml of lxc domain?
Thanks
Hi, Gao feng,
I tried to write the configuration in the xml as you said, and it works.
And I didn't set <idmap> configure for my lxc domain. The xml content
of my lxc domain is just as following:
<domain type='lxc' id='13071'>
<name>instance-0000002b</name>
<uuid>cf76c280-ac9c-44a6-94e3-237b46a7a68b</uuid>
<memory unit='KiB'>2097152</memory>
<currentMemory unit='KiB'>2097152</currentMemory>
<vcpu placement='static'>1</vcpu>
<os>
<type arch='x86_64'>exe</type>
<init>/sbin/init</init>
<cmdline>console=tty0 console=ttyS0</cmdline>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
<filesystem type='mount' accessmode='passthrough'>
<source
dir='/opt/stack/data/nova/instances/cf76c280-ac9c-44a6-94e3-237b46a7a68b/rootfs'/>
<target dir='/'/>
</filesystem>
<interface type='bridge'>
<mac address='fa:16:3e:7a:1b:c8'/>
<source bridge='br100'/>
<target dev='veth0'/>
<filterref filter='nova-instance-instance-0000002b-fa163e7a1bc8'/>
</interface>
<console type='pty' tty='/dev/pts/2'>
<source path='/dev/pts/2'/>
<target type='lxc' port='0'/>
<alias name='console0'/>
</console>
</devices>
<seclabel type='none'/>
</domain>
I still don't understand why I can't hotplug attach disk device for the
lxc domain.
Expect more detailed answer, Thanks!
4:15 p.m.
On 07/16/2013 01:29 PM, Guan Qiang wrote:
于 2013/7/15 17:32, Gao feng 写道:
> On 07/15/2013 05:18 PM, hzguanqiang wrote:
>> Hi, Gao Feng
>>
>> I've tried what you said, but still exists the problem:
>>
>> ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
>> error: Failed to attach disk
>> error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
>>
>> I think finding what it means by saying 'Unable to create device
/proc/10366/root/dev/sdb: Permission denied' is the key.
>> But anyway, thanks for your help!
>>
> Do you have <idmap> configured for your lxc domain?
> I just posted a patchset to fix the problem that failed to create device when user
namespace enabled.
>
> BTW, does it work well if you directly write the configuration to the xml of lxc
domain?
>
> Thanks
Hi, Gao feng,
I tried to write the configuration in the xml as you said, and it works.
And I didn't set <idmap> configure for my lxc domain. The xml content of my
lxc domain is just as following:
...
I still don't understand why I can't hotplug attach disk
device for the lxc domain.
Expect more detailed answer, Thanks!
it's because apparmor deny libvirt to create device node under directory
/proc/10366/root/dev/.
I don't know if this will help you, you can have a try.
change the apparmor profile of libvirtd. check the /etc/apparmor.d/usr.sbin.libvirtd,
and add /proc/ rw.
Thanks!
5:47 p.m.
On 07/17/2013 04:15 PM, Gao feng wrote:
On 07/16/2013 01:29 PM, Guan Qiang wrote:
> 于 2013/7/15 17:32, Gao feng 写道:
>> On 07/15/2013 05:18 PM, hzguanqiang wrote:
>>> Hi, Gao Feng
>>>
>>> I've tried what you said, but still exists the problem:
>>>
>>> ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
>>> error: Failed to attach disk
>>> error: Unable to create device /proc/10366/root/dev/sdb: Permission denied
>>>
>>> I think finding what it means by saying 'Unable to create device
/proc/10366/root/dev/sdb: Permission denied' is the key.
>>> But anyway, thanks for your help!
>>>
>> Do you have <idmap> configured for your lxc domain?
>> I just posted a patchset to fix the problem that failed to create device when
user namespace enabled.
>>
>> BTW, does it work well if you directly write the configuration to the xml of lxc
domain?
>>
>> Thanks
> Hi, Gao feng,
>
> I tried to write the configuration in the xml as you said, and it works.
>
> And I didn't set <idmap> configure for my lxc domain. The xml content of
my lxc domain is just as following:
>
...
> I still don't understand why I can't hotplug attach disk device for the lxc
domain.
> Expect more detailed answer, Thanks!
>
it's because apparmor deny libvirt to create device node under directory
/proc/10366/root/dev/.
I don't know if this will help you, you can have a try.
change the apparmor profile of libvirtd. check the /etc/apparmor.d/usr.sbin.libvirtd,
and add /proc/ rw.
ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/ &
/etc/init.d/apparmor restart should work,
but libvirtd will run out of apparmor's control.
12:13 p.m.
On 2013-07-17 17:47, Gao feng <gaofeng(a)cn.fujitsu.com> wrote:
>On 07/17/2013 04:15 PM, Gao feng wrote:
> On 07/16/2013 01:29 PM, Guan Qiang wrote:
>> 于 2013/7/15 17:32, Gao feng 写道:
>>> On 07/15/2013 05:18 PM, hzguanqiang wrote:
>>>> Hi, Gao Feng
>>>>
>>>> I've tried what you said, but still exists the problem:
>>>>
>>>> ubuntu@lxc:~$ vir attach-disk instance-0000002c /dev/dm-0 sdb
>>>> error: Failed to attach disk
>>>> error: Unable to create device /proc/10366/root/dev/sdb: Permission
denied
>>>>
>>>> I think finding what it means by saying 'Unable to create device
/proc/10366/root/dev/sdb: Permission denied' is the key.
>>>> But anyway, thanks for your help!
>>>>
>>> Do you have <idmap> configured for your lxc domain?
>>> I just posted a patchset to fix the problem that failed to create device when
user namespace enabled.
>>>
>>> BTW, does it work well if you directly write the configuration to the xml of
lxc domain?
>>>
>>> Thanks
>> Hi, Gao feng,
>>
>> I tried to write the configuration in the xml as you said, and it works.
>>
>> And I didn't set <idmap> configure for my lxc domain. The xml content
of my lxc domain is just as following:
>>
> ...
>> I still don't understand why I can't hotplug attach disk device for the
lxc domain.
>> Expect more detailed answer, Thanks!
>>
>
> it's because apparmor deny libvirt to create device node under directory
/proc/10366/root/dev/.
>
> I don't know if this will help you, you can have a try.
>
> change the apparmor profile of libvirtd. check the
/etc/apparmor.d/usr.sbin.libvirtd,
> and add /proc/ rw.
ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/ &
/etc/init.d/apparmor restart should work,
but libvirtd will run out of apparmor's control.
Yes, it works. Thanks for help.
------------------
Best regards!
GuanQiang
2013-07-19
4068
days inactive
4072
days old
7 comments
3 participants
participants (3)
-
Gao feng -
Guan Qiang -
hzguanqiang