You are not logged in.
The latest update to libvirt broke my existing installation, it seems. When I try to launch a machine from libvirt-manager I get a permission error:
Error starting domain: Cannot access storage file '[FILENAME AND PATH REMOVED].qcow2' (as uid:977, gid:977): Permission denied
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb
callback(*args, **kwargs)
File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
ret = fn(self, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/object/domain.py", line 1384, in startup
self._backend.create()
File "/usr/lib/python3.10/site-packages/libvirt.py", line 1353, in create
raise libvirtError('virDomainCreate() failed')
libvirt.libvirtError: Cannot access storage file '/'[FILENAME AND PATH REMOVED].qcow2' (as uid:977, gid:977): Permission deniedI thought the issue was related to the change in user and group in libvirt that has already been discussed in this post, so I tried the following:
- Changed the user and group owners of the virtual machine images from noboby:kvm to libvirt-qemu:libvirt-qemu ---> nothing changed
- Added myself to the libvirt-qemu group --> nothing changed
What else could I try to fix the problem? I didn't see anything relevant in qemu.conf, nor did I notice any failed hooks in pacman's log.
Edit: just checked that the libvirt-qemu user has been properly added to the system. So it seems it is the problem is a mismatch between the qemu process and the image file permissions?
Edit2: I also tried changing Qemu's both user and root in qemu.conf to libvirt-qemu, to no avail
Last edited by stefano (2022-03-29 15:36:11)
Offline
as uid:977, gid:977Those IDs differ between systems, please post the output of
id 977Disliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
as uid:977, gid:977Those IDs differ between systems, please post the output of
id 977
$ id 977
uid=977(libvirt-qemu) gid=977(libvirt-qemu) groups=977(libvirt-qemu),992(kvm)
Offline
makes sense, now let's check the imagefile permissiions
ls --numeric-uid-gid /path/to/imagefileDisliking systemd intensely, but not satisfied with alternatives so focusing on taming systemd.
clean chroot building not flexible enough ?
Try clean chroot manager by graysky
Offline
makes sense, now let's check the imagefile permissiions
ls --numeric-uid-gid /path/to/imagefile
Those seem all right as well:
-rwxrwxr-x 1 977 977 175969599488 Feb 4 15:33 [PATH WITHDRAWN]I even tried running virt-manager under sudo, but I get the same error. I guess I am not understanding the permission chain properly:
virt-manager --> libvirt ?
Different users?
Last edited by stefano (2022-03-26 16:57:01)
Offline
i have exactly the same problem.
During upgrading libvirt, i had this pacman log:
700340:[2022-03-04T13:15:04-0800] [ALPM-SCRIPTLET] Creating group 'libvirt-qemu' with GID 964.
700428:[2022-03-04T13:15:04-0800] [ALPM-SCRIPTLET] Creating user 'libvirt-qemu' (Libvirt QEMU user) with UID 964 and GID 964.One can find it out with:
tail -10000 /var/log/pacman.log | grep "libvirt"Checking the VM image file:
$ ls -la /home/***/.local/share/libvirt/images/
...
-rw------- 1 nobody kvm 26847870976 Mar 28 12:46 Arch.qcow2
...
$ ls --numeric-uid-gid /home/***/.local/share/libvirt/images/Arch.qcow2
-rw------- 1 65534 992 26847870976 Mar 28 12:46 /home/***/.local/share/libvirt/images/Arch.qcow2So the .qcow2 image file has user:group = nobody:kvm (65534:992)
But according to the pacman log, but libvirt created a user 964:964 and tried to access it with 964:964 (in op's case, it's 977:977).
Maybe changing the file permission of the .qcow2 can solve the problem, but i didn't do anything before upgrade, and imagine someone having many image files, so perhaps this is not a user issue but a potential bug or packaging problem?
I temporarily downgrade libvirt to v8.0.0-2:
sudo pacman -U https://archive.archlinux.org/packages/l/libvirt/libvirt-1%3A8.0.0-2-x86_64.pkg.tar.zstAnd for now it continued to work, and I added it to the ignore list waiting for a fix (if ever there's going to be one).
Offline
This happened to me too, and I believe the fix that worked for me was (after adding my user to the libvirt group) to open /etc/libvirt/qemu.conf then uncomment and replace:
#user = "root"
The group for QEMU processes run by the system instance. It can be
specified in a similar way to user.
#group = "root"with:
user = "yourcurrentuser"
The group for QEMU processes run by the system instance. It can be
specified in a similar way to user.
group = "libvirt"After these changes it started working for me again.
Edit: I forgot to mention that after adding the above changes, you need to restart libvirtd.
Last edited by PutridPete (2022-03-30 03:01:31)
Offline
The problem is that I have different users on my system and I can't specify many users in /etc/libvirt/qemu.conf. "group = libvirt" is already in my qemu.conf.
[alex@14:15 storage]$ pwd
/home/alex/_alex/vmachine/storage
[alex@14:15 storage]$ ls -l /home/alex/_alex/vmachine/
total 16
drwxr-xr-x 4 alex alex 4096 авг 27 2020 .
drwx--x---+ 21 alex alex 4096 апр 19 00:32 ..
drwxr-xr-x 2 alex alex 4096 мая 14 2020 spice
drwxr-xr-x 2 alex libvirt 4096 апр 19 23:20 storage
[alex@14:16 storage]$ groups
libvirt-qemu libvirt input alex
[alex@14:16 storage]$ ls -l
total 145388072
drwxr-xr-x 2 alex libvirt 4096 апр 19 23:20 .
drwxr-xr-x 4 alex alex 4096 авг 27 2020 ..
-rw-r--r-- 1 alex alex 233 окт 13 2020 ext_usb_disk.xml
-rw-rw---- 1 alex libvirt 17179869184 мая 5 2021 flash-16GB.img
-rw-r--r-- 1 alex alex 192 окт 13 2020 usb_disk.xml
-rw------- 1 root root 74819567616 апр 30 06:05 win10-dbg-vol01.qcow2
-rw------- 1 root root 32874299392 апр 21 00:02 win10-dev02-vol01.qcow2
-rw-rw---- 1 libvirt-qemu libvirt 67958538240 мая 3 00:31 win10-main-vol02.qcow2
-rw-rw---- 1 libvirt-qemu libvirt 132974051328 мая 3 00:31 win10-vol.qcow2
[alex@14:16 storage]$ ls -ln
total 145388072
drwxr-xr-x 2 1000 970 4096 апр 19 23:20 .
drwxr-xr-x 4 1000 1000 4096 авг 27 2020 ..
-rw-r--r-- 1 1000 1000 233 окт 13 2020 ext_usb_disk.xml
-rw-rw---- 1 1000 970 17179869184 мая 5 2021 flash-16GB.img
-rw-r--r-- 1 1000 1000 192 окт 13 2020 usb_disk.xml
-rw------- 1 0 0 74819567616 апр 30 06:05 win10-dbg-vol01.qcow2
-rw------- 1 0 0 32874299392 апр 21 00:02 win10-dev02-vol01.qcow2
-rw-rw---- 1 963 970 67958538240 мая 3 00:31 win10-main-vol02.qcow2
-rw-rw---- 1 963 970 132974051328 мая 3 00:31 win10-vol.qcow2
[alex@14:16 storage]$ sudo virsh start win10-main
error: Failed to start domain 'win10-main'
error: Cannot access storage file '/home/alex/_alex/vmachine/storage/win10-main-vol02.qcow2' (as uid:963, gid:970): Permission denied
But as I see, all permissions are ok. So I can't realize the root of the problem.
I was forced to downgrade libvirt ((
Last edited by saddam (2022-05-04 11:42:03)
Offline
Finally I fixed the issue granting to user libvirt-qemu access to my $HOME directory, under wihich there's a directory (named vm) where qcow2 files are stored.
The full path to directory where qcow2 are stored is /home/luca/vm.
Before applying a new access list rule my home directory looks like this
[root@archlinux home]# getfacl luca
# file: luca
# owner: luca
# group: luca
user::rwx
user:nobody:--x
group::---
mask::--x
other::---After applying the setfacl command
[root@archlinux home]# setfacl -m u:libvirt-qemu:rx lucathe grants appear in this way
[root@archlinux home]# getfacl luca
# file: luca
# owner: luca
# group: luca
user::rwx
user:libvirt-qemu:r-x
user:nobody:--x
group::---
mask::r-x
other::---Not sure if it is or not the right way to proceed.
HTH.
Offline
Finally I fixed the issue granting to user libvirt-qemu access to my $HOME directory, under wihich there's a directory (named vm) where qcow2 files are stored.
Thank you, lucecca. I don't get the reason for this behavior of libvirt, and I don't understand what did libvirt forget at my HOME, but your solution works. Moreover I set 'x' permission only (not 'rx'), and it works. So, as I got, libvirt needs 'x' permission to every single directory on its path to vm's image.
Offline