[libvirt-users] Getting "Unable to set XATTR" on libvirt 5.6.0 inside containers

Hi,

We are updating KubeVirt to libvirt 5.6.0. Before that we were running on 5.0.0. It seems like something regarding setting xattrs on files has changed, because with libvirt 5.6.0 we are getting the following error:

```
Unable to set XATTR trusted.libvirt.security.dac on /var/lib/libvirt/qemu/domain-410-default_vmi-fedora: Operation not permitted')
```

The main problem for us is that container filesystems don't necessarily support setting xattrs.

My questions would therefore be:

* Does anyone know what has changed, and why?
* Can it be disabled?

Thanks a lot and Best Regards,
Roman

On 11/21/19 3:08 PM, Roman Mohr wrote:
> Hi,
>
> We are updating KubeVirt to libvirt 5.6.0. Before that we were running on 5.0.0. It seems like something regarding setting xattrs on files has changed, because with libvirt 5.6.0 we are getting the following error:
>
> ```
> Unable to set XATTR trusted.libvirt.security.dac on /var/lib/libvirt/qemu/domain-410-default_vmi-fedora: Operation not permitted')
> ```
>
> The main problem for us is that container filesystems don't necessarily support setting xattrs.
>
> My questions would therefore be:
>
> * Does anyone know what has changed, and why?
> * Can it be disabled?

I've seen the bug you filed so I'll continue discussion there so that we don't have two places where we discuss this issue.

https://bugzilla.redhat.com/show_bug.cgi?id=1774373

Michal

On Thu, Nov 21, 2019 at 3:23 PM Michal Privoznik <mprivozn@redhat.com> wrote:
> On 11/21/19 3:08 PM, Roman Mohr wrote:
> > Hi,
> >
> > We are updating KubeVirt to libvirt 5.6.0. Before that we were running on 5.0.0. It seems like something regarding setting xattrs on files has changed, because with libvirt 5.6.0 we are getting the following error:
> >
> > ```
> > Unable to set XATTR trusted.libvirt.security.dac on /var/lib/libvirt/qemu/domain-410-default_vmi-fedora: Operation not permitted')
> > ```
> >
> > The main problem for us is that container filesystems don't necessarily support setting xattrs.
> >
> > My questions would therefore be:
> >
> > * Does anyone know what has changed, and why?
> > * Can it be disabled?
>
> I've seen the bug you filed so I'll continue discussion there so that we don't have two places where we discuss this issue.

Thanks Michal.

> Michal