Bug 2000983

Summary: [embed qemu] start guest with luks image failed with error "No current identity to elevate"
Product: Red Hat Enterprise Linux 8 Reporter: Fangge Jin <fjin>
Component: libvirtAssignee: Virtualization Maintenance <virt-maint>
Status: CLOSED DUPLICATE QA Contact: Han Han <hhan>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.6CC: fjin, hhan, jsuchane, lmen, virt-maint, xuzhang, zhetang
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2000410 Environment:
Last Closed: 2021-09-06 14:37:35 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2000410, 2016264    
Bug Blocks:    

Description Fangge Jin 2021-09-03 13:30:05 UTC 
+++ This bug was initially created as a clone of Bug #2000410 +++

Description of problem:

using virt-qemu-run to start guest with specified root dir and luks image failed with error "No current identity to elevate"

Version-Release number of selected component (if applicable):
libvirt-7.6.0-2.module+el8.5.0+12219+a5ea13d2.x86_64



How reproducible:
100%

Steps to Reproduce:
1.prepare a qcow2 luks image
#qemu-img create --object secret,id=sec0,data=123456 -f qcow2 -o encrypt.format=luks,encrypt.key-secret=sec0 /var/lib/libvirt/images/luks.qcow2 1G

2.Prepare secret xml and secret value:
#cat /xml/secret.xml
  <secret ephemeral='no' private='yes'>
         <description>LUKS Sample Secret</description>
         <uuid>f981dd17-143f-45bc-88e6-ed1fe20ce9da</uuid>
         <usage type='volume'>
            <volume>/var/lib/libvirt/images/luks.img</volume>
         </usage>
      </secret> 

#cat /xml/secret-value
123456

3.Prepare a guest xml with the luks image:
#cat /tmp/vm1.xml
...
<disk type='file' device='disk'>
      <driver name='qemu' type='qcow2' cache='none' io='threads' copy_on_read='off'/>
      <source file='/var/lib/libvirt/images/luks.qcow2' index='1'>
              <encryption format='luks'>
        <secret type='passphrase' uuid='f981dd17-143f-45bc-88e6-ed1fe20ce9da'/>
</encryption>
     </source>
...
</disk>
...

4. Start guest with specified root dir and luks image:
# virt-qemu-run -s /xml/secret.xml,/xml/value -d -v -r /tmp/test1 /tmp/vm1.xml

Actual results:

virt-qemu-run: 127: initializing libvirt 259671
virt-qemu-run: 1719: initializing signal handlers
virt-qemu-run: 1807: preparing event loop thread
virt-qemu-run: 1999: opening secret:///embed?root=%2Ftmp%2Ftest1
virt-qemu-run: 3590: loading secret secret.xml and secret-value
virt-qemu-run: 3951: opening qemu:///embed?root=%2Ftmp%2Ftest1
virt-qemu-run: 25790: fetching guest config /tmp/vm1.xml
virt-qemu-run: 25868: starting guest /tmp/vm1.xml
2021-09-02 04:13:24.782+0000: 259671: info : libvirt version: 7.6.0, package: 2.el9 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2021-08-10-04:33:30, )
2021-09-02 04:13:24.782+0000: 259671: info : hostname: hhan-rhel9-1
2021-09-02 04:13:24.782+0000: 259671: warning : qemuProcessStop:7964 : Unable to release network device '<null>'
virt-qemu-run: cannot start VM: internal error: No current identity to elevate
virt-qemu-run: 452573: cleaned up, exiting


Expected results:
Start guest successfully and show verbose output.

Additional info:

--- Additional comment from Fangge Jin on 2021-09-02 13:04:32 UTC ---

Start vm without specified root dir has same issue
Comment 1 Jaroslav Suchanek 2021-09-06 14:37:35 UTC 
Lets track it in rhel-9.

*** This bug has been marked as a duplicate of bug 2000410 ***