Bug 1728703
| Summary: | libvirtd chowns my kernel image to root:root | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Andrew Price <anprice> |
| Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
| Status: | CLOSED DEFERRED | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 30 | CC: | agedosier, berrange, clalancette, crobinso, itamar, jforbes, laine, libvirt-maint, richard.poettler, veillard, virt-maint, yaneti |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-07-11 17:50:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Thanks for the report. This is long known suboptimal behavior. You are using the libvirt URI qemu:///system which talks to the system libvirtd instance running as root. But libvirt wants to run VMs as the unprivileged qemu user. So libvirtd will chown all the VM media to qemu:qemu when starting the VM. The problem is, it doesn't have any way[1] to know what the starting owner of the image was, so when the VM shuts down, it chown's the image to root:root There's a lot of ways to work around it by manipulating the file in some way, for exmaple write a wrapper script to copy the kernel you care about to some other location first and have the VM boot from that, so it doesn't mess with the permissions of your built kernel. Or sidestep the issue entirely by using qemu:///session which launches libvirtd and VMs as your UID so it doesn't perform any chowning. More info on that distinction: https://blog.wikichoon.com/2016/01/qemusystem-vs-qemusession.html Because this behavior has been the same for a decade at this point, I'm closing this; a Fedora bug isn't going to effect change here. But feel free to ask follow up questions if necessary [1] libvirt does have some support in the next release for 'remembering' the starting state here, but it's only for r/w media, so it doesn't change anything for kernel/initrd which are readonly. It's possible this behavior will get 'smarter' at some point in the future but Thanks for taking the time to provide a thorough explanation, Cole. That's very useful. I'll give qemu:///session a try. With the bridge helper I think it should work for my use case. |
Description of problem: For kernel testing I have VMs configured to direct boot the kernel from my Linux source tree: <os> <type arch='x86_64' machine='pc-i440fx-2.9'>hvm</type> <kernel>/home/andy/src/linux/arch/x86/boot/bzImage</kernel> <cmdline>console=ttyS0,115200 root=/dev/vda2</cmdline> <boot dev='hd'/> </os> After upgrading to Fedora 30 libvirtd has started to chown that file to qemu:qemu when the VM is started, and then to root:root when it has shut down. This makes my subsequent builds fail as I cannot overwrite the root-owned kernel image. This happens even if the image is owned by andy:qemu with mode 0664 to begin with. Version-Release number of selected component (if applicable): libvirt-5.1.0-8.fc30.x86_64 How reproducible: 100% Steps to Reproduce: 1. Build kernel as normal user 2. Set VM to direct boot it 3. Start VM 4. ls -l /path/to/image 5. Power off vm 6. ls -l /path/to/image Actual results: The image is owned by qemu:qemu when VM is running and root:root afterwards. Expected results: Image ownership is left untouched, VM just fails to boot if it doesn't have permission. Additional info: This is a way for someone to set root ownership on an arbitrary file but luckily the setuid bit is not left set in my tests.