List: libreswan-dev
Subject: Re: [Swan-dev] qemu-img: Could not open '/home/build/pool/swanfedora22base.qcow2
From: Andrew Cagney <andrew.cagney () gmail ! com>
Date: 2018-07-20 15:26:55
Message-ID: CAJeAr6sxjACtfmhODWXmf8t4kB8zSp5icmu8-4X9LG9odHufkA () mail ! gmail ! com
On Fri, 20 Jul 2018 at 10:30, D. Hugh Redelmeier <hugh@mimosa.com> wrote:
>
> > From: Andrew Cagney <andrew.cagney@gmail.com>
> >
> > I'm guessing the most recent fedora?
>
> Yeah, fresh F28 install and up to date.
>
> Machine is old: i5-2400. Which is causing entropy problems, but that's
> another story.
>
> Spoiler:
>
> The problem was that I somehow skipped adding the test user to the qemu group:
> <https://libreswan.org/wiki/Test_Suite#Setting_Users_and_Groups>
> I've slightly improved the makefile's reaction to this problem. There
> is still room for improvement.
I think it is the best fix available. Thanks.
> Surprising fact: so far this is the only place where the lack of
> group membership snagged me.
>
> > On Fri, 20 Jul 2018 at 00:12, D. Hugh Redelmeier <hugh@mimosa.com> wrote:
> > >
> > > I'm setting up a new test system.
> > >
> > > make kvm-install failed with this message:
> > >
> > >
> > > qemu-img convert \
> > > -p -O qcow2 \
> > > /home/build/pool/swanfedora22base.qcow2 \
> > > /home/build/pool/a.clone.qcow2.tmp
> > > qemu-img: Could not open '/home/build/pool/swanfedora22base.qcow2': Could not open '/home/build/pool/swanfedora22base.qcow2': Permission denied
> > >
> > > observations:
> > > -rw-r-----. 1 root qemu 8591507456 Jul 19 23:22 swanfedora22base.qcow2
> > >
> > > -rwxr-xr-x. 1 root root 1773200 Jul 3 13:42 /usr/bin/qemu-img
> > >
> > > This would work if qemu-img were setgid qemu.
> > > The makefile seems to expect that to be the case.
> >
> > Why? No. Only running a VM needs SUDO (and that annoys me).
>
> One doesn't need set GID qemu if one is already in the group. :-)
Interesting.
Perhaps someone knows of a how-to explaining the 'correct' way to set
up what we do such that SUDO isn't needed. My last round of research
didn't inspire confidence:
# The alternative is qemu:///session and it doesn't require root.
# However, it has never been used, and the python tools all assume
# qemu://system. Finally, it comes with a warning: QEMU usermode
# session is not the virt-manager default. It is likely that any
# pre-existing QEMU/KVM guests will not be available. Networking
# options are very limited.
KVM_CONNECTION ?= qemu:///system
VIRSH = sudo virsh --connect $(KVM_CONNECTION)
> > > On the other hand, my old test system has the same file ownerships and
> > > permissions.
> >
> > I'd suspect something around the images creation - virt-install or
> > your own umask?
>
> At my build account's shell prompt, umask is 0002. On both the old and
> new system. I have not changed the Fedora default.
>
> > What's the ownership on the old system?
>
> -rw-r-----. 1 root qemu 8591507456 Sep 17 2017 swanfedorabase.qcow2
>
> In other words, the same.
>
> But this old system has incrementally migrated from old Fedora and old
> Libreswan. I guess that the datestamp on the file gives hints of this.
> >
> > > Doing this
> > > sudo chmod a+r ../pool/swanfedora22base.qcow2
> > > make kvm-install
> > > gets past this point.
>
> Even though this chmod isn't recommended, it seems to solve the
> problem. Is this better than adding the user to the qemu group?
>
> Looking back on the transcript, this is how swanfedora22base.qcow2 got
> created:
>
>
> > XXX: Passing --security type=static,model=dac,label='1001:107',relabel=yes to \
> > virt-install causes it to panic
> sudo virt-install --connect qemu:///system \
> --name=swanfedora22base \
> --os-variant fedora22 \
> --vcpus=1 \
> --memory 1024 \
> --nographics \
> --disk size=8,cache=writeback,path=/home/build/pool/swanfedora22base.qcow2 \
> --network=network:swandefault,model=virtio \
> --rng type=random,device=/dev/random \
> --location=/home/build/pool/Fedora-Server-DVD-x86_64-22.iso \
> --initrd-inject=testing/libvirt/fedora22.ks \
> --extra-args="swanname=swanfedora22base ks=file:/fedora22.ks console=tty0 \
> console=ttyS0,115200 net.ifnames=0 biosdevname=0" \
> --noreboot
>
> So that explains why it is owned by root.
>
> Later the failure shows up. Here it is with a bit more context.
>
> test -r /home/build/pool/swanfedora22base.qcow2 || sudo chgrp 107 /home/build/pool/swanfedora22base.qcow2
> test -r /home/build/pool/swanfedora22base.qcow2 || sudo chmod g+r /home/build/pool/swanfedora22base.qcow2
> : create a full copy
> rm -f /home/build/pool/a.clone.qcow2
> qemu-img convert \
> -p -O qcow2 \
> /home/build/pool/swanfedora22base.qcow2 \
> /home/build/pool/a.clone.qcow2.tmp
> (0.00/100%)^Mqemu-img: Could not open '/home/build/pool/swanfedora22base.qcow2': Could not open '/home/build/pool/swanfedora22base.qcow2': Permission denied
> _______________________________________________
> Swan-dev mailing list
> Swan-dev@lists.libreswan.org
> https://lists.libreswan.org/mailman/listinfo/swan-dev
_______________________________________________
Swan-dev mailing list
Swan-dev@lists.libreswan.org
https://lists.libreswan.org/mailman/listinfo/swan-dev
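
An added example, not part of the thread or of libreswan's makefile: a POSIX shell preflight that reports why a read of the base image is allowed or denied, including the case discussed above where the file is group-readable but the caller is not in the file's group. The function names and verdict strings are hypothetical, `check_image` assumes GNU `stat`, and the sample values are constructed from the listing (`root qemu`, mode 640, group 107) and the `1001:107` label quoted in the thread.

```shell
#!/bin/sh
# classify_access MODE FILE_UID FILE_GID CALLER_UID "CALLER_GIDS"
# Applies the Unix rule: owner bits if the caller owns the file, else group
# bits if the caller is in the file's group, else the "other" bits.
classify_access() (
    mode=$1; fuid=$2; fgid=$3; uid=$4; gids=$5
    perm=$((0$mode))                    # stat prints the mode in octal
    owner_r=$(( (perm >> 8) & 1 ))      # 0400
    group_r=$(( (perm >> 5) & 1 ))      # 0040
    other_r=$(( (perm >> 2) & 1 ))      # 0004
    member=0
    for g in $gids; do
        if [ "$g" = "$fgid" ]; then member=1; fi
    done
    if [ "$uid" -eq 0 ]; then
        echo ok-root                    # why the sudo steps never fail
    elif [ "$uid" -eq "$fuid" ]; then
        if [ "$owner_r" -eq 1 ]; then echo ok-owner; else echo denied-owner-bit; fi
    elif [ "$member" -eq 1 ]; then
        if [ "$group_r" -eq 1 ]; then echo ok-group; else echo denied-group-bit; fi
    elif [ "$other_r" -eq 1 ]; then
        echo ok-world-readable          # works, but every local user can read the image
    elif [ "$group_r" -eq 1 ]; then
        echo denied-not-in-group        # chgrp / chmod g+r cannot help this caller
    else
        echo denied
    fi
)

# check_image FILE: classify the calling process against a real file.
# `id -G` lists the groups of the current process, so a membership added
# with usermod shows up only after a new login session.
check_image() {
    meta=$(stat -c '%a %u %g' "$1") || return 2
    set -- $meta
    classify_access "$1" "$2" "$3" "$(id -u)" "$(id -G)"
}

# Constructed inputs mirroring the thread: root:qemu (gid 107), mode 640.
classify_access 640 0 107 1001 "1001"        # build user not in group 107
classify_access 640 0 107 1001 "1001 107"    # after joining the qemu group
classify_access 644 0 107 1001 "1001"        # after chmod a+r
```
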