Bug 548401

Summary: Ownership of LVM backing store not updated on domain creation
Product: [Fedora] Fedora Reporter: Matthew Booth <mbooth>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED DUPLICATE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 13CC: berrange, choeger, clalance, crobinso, itamar, jforbes, veillard, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-05-26 14:06:07 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Matthew Booth 2009-12-17 06:04:59 EST
Description of problem:
In F12, qemu runs as user qemu rather than root. While it normally automatically changes the ownership of storage when a domain is created, it does not do this for an LVM backing store. This may also be the case for other types of backing store, but I have not tested anything other than LVM. This means that domain creation will fail, reporting permission denied on the snapshot volume.

Version-Release number of selected component (if applicable):
libvirt-0.7.4-1.fc12.x86_64 (Rawhide recompiled for F12)

How reproducible:

Steps to Reproduce:
1. qemu-img create -b /dev/vg_foo/lv_guest -f qcow2 snapshot.qcow2
2. Add snapshot.qcow2 to guest
3. Start guest
Actual results:
Permission denied

Expected results:
Both snapshot.qcow2 and /dev/vg_foo/lv_guest have ownership changed.
Comment 1 Christoph Höger 2009-12-17 10:28:11 EST
The same (on a simple image file) for me.

Even after setting the qemu user to root in /etc/libvirt/qemu.conf and the image to mode 777 I still got "permission denied" (no avc denial).

I am not sure from stracing what libvirtd tries to do here, but what it does is:

1. chown the image file to root:root (<- total crap)
2. start qemu with some very strange security restrictions.
Comment 2 Bug Zapper 2010-03-15 09:36:04 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 13 development cycle.
Changing version to '13'.

More information and reason for this action is here:
Comment 3 Cole Robinson 2010-05-26 14:06:07 EDT

*** This bug has been marked as a duplicate of bug 579067 ***