Bug 516034

Summary: libvirt is not chowning kernel/initrd images before launching qemu
Product: [Fedora] Fedora Reporter: James Laska <jlaska>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high Docs Contact:
Priority: high    
Version: rawhideCC: berrange, clalance, crobinso, dwmw2, gcosta, itamar, jaswinder, jturner, markmc, veillard, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-08-06 16:23:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 498968    
Attachments:
Description Flags
/var/log/libvirt/qemu/RATS.log none

Description James Laska 2009-08-06 13:42:00 UTC 
Created attachment 356510 [details]
/var/log/libvirt/qemu/RATS.log

Description of problem:

Attempting a virt-install of F12-Alpha on an F12-Alpha host fails.

Version-Release number of selected component (if applicable):

 * kernel-2.6.31-0.125.rc5.git2.fc12.x86_64
 * qemu-common-0.10.91-0.4.rc1.fc12.x86_64
 * libvirt-0.7.0-0.9.gite195b43.fc12.x86_64
 * qemu-system-x86-0.10.91-0.4.rc1.fc12.x86_64
 * qemu-img-0.10.91-0.4.rc1.fc12.x86_64
 * qemu-kvm-0.10.91-0.4.rc1.fc12.x86_64
 * gpxe-roms-qemu-0.9.7-5.fc12.noarch

How reproducible:

 * seems to happen every time with selinux=permissive (and enforcing)

Steps to Reproduce:
1. virt-install --name RATS --ram 512 --vcpus 1 --os-type linux --os-variant fedora11 --extra-args "serial console=ttyS0" --disk path=/var/lib/libvirt/images/RATS.img,size=8,sparse=false --network network:default --location http://download.fedoraproject.org/pub/fedora/linux/development/x86_64/os  --nographics --noautoconsole
  
Actual results:

Starting install...
Retrieving file .treeinfo...                                                   | 2.4 kB     00:00 ... 
Retrieving file vmlinuz...                                                     | 5.7 MB     00:00 ... 
Retrieving file initrd.img...                                                  |  44 MB     00:00 ... 
ERROR    internal error unable to start guest: char device redirected to /dev/pts/1
qemu: could not load kernel '/var/lib/libvirt/boot/virtinst-vmlinuz.CVHJDC'

Domain installation may not have been
 successful.  If it was, you can restart your domain
 by running 'virsh start RATS'; otherwise, please
 restart your installation.
ERROR    internal error unable to start guest: char device redirected to /dev/pts/1
qemu: could not load kernel '/var/lib/libvirt/boot/virtinst-vmlinuz.CVHJDC'
Traceback (most recent call last):
  File "/usr/sbin/virt-install", line 929, in <module>
    main()
  File "/usr/sbin/virt-install", line 825, in main
    start_time, guest.start_install)
  File "/usr/sbin/virt-install", line 880, in do_install
    dom = install_func(conscb, progresscb, wait=(not wait))
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 628, in start_install
    return self._do_install(consolecb, meter, removeOld, wait)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 726, in _do_install
    self.domain = self.conn.createLinux(install_xml, 0)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 1077, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error unable to start guest: char device redirected to /dev/pts/1
qemu: could not load kernel '/var/lib/libvirt/boot/virtinst-vmlinuz.CVHJDC'

Expected results:

 * virt-install to start the guest

Additional info:
Comment 1 Daniel Berrangé 2009-08-06 13:49:53 UTC 
Oh, i think this is probably due to us forgetting to chown() the kenrel/initrd image to be readable by the 'qemu' user that VMs now run as.

As a quick hack, you can edit /etc/libvirt/qemu.conf and set  user="root" and group="root", and chown  /var/lib/libvirt/images  back to root:root.  if it then works, then this is a libvirt bug.
Comment 2 Mark McLoughlin 2009-08-06 13:50:20 UTC 
Okay, problem seems to be that we're not chowning the kernel and initrd before spawning qemu

This should be done in e.g. qemuDomainSetDeviceOwnership()
Comment 3 Mark McLoughlin 2009-08-06 14:56:48 UTC 
Patch posted upstream:

  http://www.redhat.com/archives/libvir-list/2009-August/msg00118.html
Comment 4 James Laska 2009-08-06 14:59:35 UTC 
After making the suggested change in comment#1

 1. Change user/group = root in '/etc/libvirt/qemu.conf'
 2. chown root:root /var/lib/libvirt/images

virt-install fails with ...

Traceback (most recent call last):
  File "/usr/sbin/virt-install", line 929, in <module>
    main()
  File "/usr/sbin/virt-install", line 825, in main
    start_time, guest.start_install)
  File "/usr/sbin/virt-install", line 880, in do_install
    dom = install_func(conscb, progresscb, wait=(not wait))
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 628, in start_install
    return self._do_install(consolecb, meter, removeOld, wait)
  File "/usr/lib/python2.6/site-packages/virtinst/Guest.py", line 726, in _do_install
    self.domain = self.conn.createLinux(install_xml, 0)
  File "/usr/lib64/python2.6/site-packages/libvirt.py", line 1077, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error unable to start guest: bind(unix:/var/run/libvirt/qemu/RATS.monitor): Permission denied
qemu: could not open monitor device 'unix:/var/run/libvirt/qemu/RATS.monitor,server,nowait'


More chown'ing needed?
Comment 5 Daniel Berrangé 2009-08-06 15:08:40 UTC 
Yeha, ignore my suggestion - its not worth the hassle of chown'ing stuff - put it back to qemu:qemu.  Mark has a patch in libvirt for rawhide already....
Comment 6 Mark McLoughlin 2009-08-06 15:49:31 UTC 
(In reply to comment #4)

> libvirtError: internal error unable to start guest:
> bind(unix:/var/run/libvirt/qemu/RATS.monitor): Permission denied
> qemu: could not open monitor device
> 'unix:/var/run/libvirt/qemu/RATS.monitor,server,nowait'

virt-install is working fine for me now with:

  libvirt-0.7.0-2.fc12.x86_64
  qemu-kvm-0.10.91-0.4.rc1.fc12.x86_64
  selinux-policy-3.6.26-6.fc12.noarch
  python-virtinst-0.500.0-1.fc12.noarch

if this "could not open monitor device" error persists for you, please open a new bug
Comment 7 Mark McLoughlin 2009-08-06 16:23:16 UTC 
f12-alpha tag request:

  https://fedorahosted.org/rel-eng/ticket/2051

* Thu Aug  6 2009 Mark McLoughlin <markmc> - 0.7.0-2
- Make sure qemu can access kernel/initrd (bug #516034)
- Set perms on /var/lib/libvirt/boot to 0711 (bug #516034)