Bug 1479558

Summary: Could not access KVM kernel module: Permission denied
Product: [Fedora] Fedora
Reporter: jniederm
Component: qemu
Assignee: Fedora Virtualization Maintainers <virt-maint>
Status: CLOSED CURRENTRELEASE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 26
CC: amit, berrange, cfergeau, chorn, crobinso, dwmw2, dzheng, itamar, pbonzini, rjones, tiago.rodrigo1987, virt-maint
Last Closed: 2017-08-16 23:46:23 UTC
Type: Bug
Attachments: suspected update, libvirt.log, journalct.log (no flags set)

Description jniederm 2017-08-08 19:36:53 UTC
Created attachment 1310829 [details]
suspected update

Description of problem:
An existing libvirt VM can't be started. It worked before. I suspect the update in attachment.

Version-Release number of selected component (if applicable):
$ rpm -qa *qemu*
qemu-system-or1k-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-arm-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-rbd-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-nios2-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-x86-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-sparc-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-tricore-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-m68k-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-alpha-core-2.10.0-0.1.rc1.fc26.x86_64
libvirt-daemon-driver-qemu-3.6.0-1.fc26.x86_64
qemu-system-sh4-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-lm32-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-ppc-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-sh4-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-ssh-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-moxie-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-lm32-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-iscsi-2.10.0-0.1.rc1.fc26.x86_64
qemu-user-2.10.0-0.1.rc1.fc26.x86_64
qemu-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-xtensa-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-s390x-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-mips-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-curl-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-cris-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-xtensa-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-s390x-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-mips-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-cris-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-dmg-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-aarch64-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-x86-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-unicore32-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-or1k-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-microblaze-2.10.0-0.1.rc1.fc26.x86_64
ipxe-roms-qemu-20161108-4.gitb991c67.fc26.noarch
qemu-system-arm-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-alpha-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-unicore32-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-microblaze-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-common-2.10.0-0.1.rc1.fc26.x86_64
qemu-kvm-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-sparc-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-tricore-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-m68k-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-nfs-2.10.0-0.1.rc1.fc26.x86_64
qemu-guest-agent-2.10.0-0.1.rc1.fc26.x86_64
qemu-img-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-aarch64-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-nios2-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-ppc-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-moxie-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-gluster-2.10.0-0.1.rc1.fc26.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Have a previously working libvirt VM
2. sudo virsh start <vm-name>

Actual results:
error: Failed to start domain co7-1
error: internal error: process exited while connecting to monitor: 2017-08-08T18:52:17.279808Z qemu-system-x86_64: -chardev pty,id=charserial0: char device redirected to /dev/pts/5 (label charserial0)
Could not access KVM kernel module: Permission denied
2017-08-08T18:52:17.279972Z qemu-system-x86_64: failed to initialize KVM: Permission denied

Expected results:
vm is started

Additional info:
setenforce 0 doesn't help

# rmmod kvm_intel
# rmmod kvm
# modprobe kvm
# modprobe kvm_intel
as suggested at https://bugzilla.redhat.com/show_bug.cgi?id=950436 or https://github.com/voidlinux/void-packages/issues/1095 doesn't help

device /dev/pts/5 is created and deleted instantly
# inotifywait  -r -e create,delete /dev/pts ; stat /dev/pts/5
Setting up watches.  Beware: since -r was given, this may take a while!
Watches established.
/dev/pts/ CREATE 5
  File: /dev/pts/5
  Size: 0         	Blocks: 0          IO Block: 1024   character special file
Device: 15h/21d	Inode: 8           Links: 1     Device type: 88,5
Access: (0620/crw--w----)  Uid: (  107/    qemu)   Gid: (    5/     tty)
Context: system_u:object_r:svirt_devpts_t:s0
Access: 2017-08-08 21:30:32.846695224 +0200
Modify: 2017-08-08 21:30:32.846695224 +0200
Change: 2017-08-08 21:30:32.846695224 +0200
 Birth: -

Comment 1 jniederm 2017-08-08 19:37:45 UTC
Created attachment 1310830 [details]
libvirt.log

Comment 2 jniederm 2017-08-08 19:38:17 UTC
Created attachment 1310831 [details]
journalct.log

Comment 3 Cole Robinson 2017-08-08 19:50:51 UTC
Hmm yes we dropped the kvm udev rules in the rawhide package, since rawhide systemd now provides them. However it looks like you are using the virt-preview repo on f26, so now there isn't anything setting /dev/kvm permissions to 666 and group=kvm

Maybe we keep shipping the udev rules for a release until virt-preview is discontinued for f26...

Comment 4 jniederm 2017-08-09 12:50:19 UTC
Hi Cole, is there any workaround?

Comment 5 Cole Robinson 2017-08-09 13:33:10 UTC
(In reply to jniederm from comment #4)
> Hi Cole, is there any workaround?

chmod 666 /dev/kvm to get it working right now. Then to fix future reboots, create a file /lib/udev/rules.d/99-kvm.rules with this content:

KERNEL=="kvm", GROUP="kvm", MODE="0666"
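
Added example, not part of the bug report or of the Fedora packages: a shell check for which udev rule, if any, sets the group and mode on the kvm device, which is the gap described in comment 3. The function names are hypothetical and the precedence handling is a simplification, as noted in the comments.

```shell
#!/bin/sh
# Added example (not from the bug report). Simplifications, stated as assumptions:
# only plain GROUP="..."/MODE="..." assignments are read, rules are applied in
# lexical file-name order, and a same-named file in a later directory replaces
# the earlier one. Paths containing spaces are not handled.

# kvm_effective_rule DIR... -> "<file> <group> <mode>", or "none"
# "none" means no rule sets the mode, so the node keeps the kernel default.
kvm_effective_rule() {
    files=$(for d in "$@"; do
        for f in "$d"/*.rules; do
            if [ -f "$f" ]; then printf '%s %s\n' "${f##*/}" "$f"; fi
        done
    done | awk '{ p[$1] = $2 } END { for (n in p) print n, p[n] }' | LC_ALL=C sort)
    src=; group=; mode=
    while read -r name file; do
        if [ -z "$file" ]; then continue; fi
        # Last uncommented rule in this file that matches the kvm device.
        line=$(grep -E '^[^#]*KERNEL=="kvm"' "$file" | tail -n 1)
        if [ -z "$line" ]; then continue; fi
        g=$(printf '%s\n' "$line" | sed -n 's/.*GROUP="\([^"]*\)".*/\1/p')
        m=$(printf '%s\n' "$line" | sed -n 's/.*MODE="\([^"]*\)".*/\1/p')
        if [ -n "$g" ]; then group=$g; fi
        if [ -n "$m" ]; then mode=$m; src=$file; fi
    done <<EOF
$files
EOF
    if [ -n "$src" ]; then echo "$src ${group:-root} $mode"; else echo none; fi
}

# mode_world_access MODE -> "world-writable", "world-readable" or "restricted"
mode_world_access() {
    case "$1" in
        *[2367]) echo world-writable ;;
        *[45])   echo world-readable ;;
        *)       echo restricted ;;
    esac
}

# Constructed demo: the rule from comment 5 in a temporary rules directory.
demo=$(mktemp -d)
printf '%s\n' 'KERNEL=="kvm", GROUP="kvm", MODE="0666"' > "$demo/99-kvm.rules"
kvm_effective_rule "$demo"
mode_world_access 0666
rm -rf "$demo"
```

On a real host, pass the rules directories in increasing priority, for example `kvm_effective_rule /usr/lib/udev/rules.d /etc/udev/rules.d`, and compare the result with `stat /dev/kvm`.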

Comment 6 jniederm 2017-08-09 15:11:20 UTC
Workarounds helped. Thanks Cole

Comment 7 Cole Robinson 2017-08-16 23:46:23 UTC
This file should be back in the virt-preview packages now

Comment 8 tiago.rodrigo1987 2020-01-24 21:11:34 UTC
(In reply to Cole Robinson from comment #5)
> (In reply to jniederm from comment #4)
> > Hi Cole, is there any workaround?
> 
> chmod 666 /dev/kvm to get it working right now. Then to fix future reboots,
> create a file /lib/udev/rules.d/99-kvm.rules with this content:
> 
> KERNEL=="kvm", GROUP="kvm", MODE="0666"


Perfect, solved my problem, thanks.