Bug 770488

Summary: permission denied error for sanlock, libvirt should show error message mention virt_use_sanlock
Product: [Community] Virtualization Tools Reporter: Huang Wenlong <whuang>
Component: libvirtAssignee: Peter Krempa <pkrempa>
Status: CLOSED WONTFIX QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: ajia, cwei, eblake, mzhan, pkrempa, rbalakri
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-10-05 05:57:41 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Huang Wenlong 2011-12-27 02:35:23 UTC 
Description of problem:

permission denied error for sanlock,  libvirt should show error message
mention virt_use_sanlock
there is a bug about virt_use_nfs error message it has been fixed :https://bugzilla.redhat.com/show_bug.cgi?id=589922

Version-Release number of selected component (if applicable):
libvirt-0.9.8-1.el6.x86_64

How reproducible:
100%

Steps to Reproduce:

1. install libvirt-lock-sanlock and configure
# service libvirtd stop
# yum install /usr/bin/augtool
#augtool
augtool>  set /files/etc/libvirt/qemu.conf/lock_manager "sanlock"
augtool>  set /files/etc/libvirt/qemu-sanlock.conf/host_id 1
augtool>  set
/files/etc/libvirt/qemu-sanlock.conf/auto_disk_leases
1
augtool>  set /files/etc/libvirt/qemu-sanlock.conf/disk_lease_dir
"/var/lib/libvirt/sanlock"
augtool>  save Saved 1 file(s) augtool>  quit
# echo 'SANLOCKOPTS="-w 0"'>  /etc/sysconfig/sanlock
# /etc/init.d/sanlock start Starting sanlock: [ OK ]

set log_outputs="1:file:/tmp/libvirtd.log" in
/etc/libvirt/libvirtd.conf


# service libvirtd start

2. try to start a guest
# virsh start demo1
error: Failed to start domain demo1
error: internal error Failed to open socket to sanlock daemon:
Permission denied

3.check the  /tmp/libvirtd.log
# cat /tmp/libvirtd.log
2011-12-23 05:28:48.222+0000: 13359: info : libvirt version:
0.9.8,
package: 1.el6 (Red Hat,
Inc.<http://bugzilla.redhat.com/bugzilla>,
2011-12-08-10:01:37, x86-008.build.bos.redhat.com)
2011-12-23 05:28:48.222+0000: 13359: error :
virCommandHandshakeWait:2391 : internal error Failed to open
socket
to
sanlock daemon: Permission denied
2011-12-23 05:38:03.805+0000: 13358: warning :
qemuDomainObjTaint:1134 :
Domain id=2 name='t' uuid=74884557-11b3-2fca-f713-56424eacafe6 is
tainted: shell-scripts
2011-12-23 05:38:03.856+0000: 13358: error :
virCommandHandshakeWait:2391 : internal error Unable to query
sector
size /var/lib/libvirt/sanlock/aa958ec678f0b979290070114d6b4777:
Permission denied



Actual results:
No mention virt_use_sanlock

Expected results:
mention virt_use_sanlock

Additional info:
where are some options  in selinux, should libvirt mention them
when
libvirt block by virt_use_*-->off ?

# getsebool -a|grep virt
virt_use_comm -->  off
virt_use_fusefs -->  off
virt_use_nfs -->  on
virt_use_samba -->  off
virt_use_sanlock -->  off
virt_use_sysfs -->  on
virt_use_usb -->  on
virt_use_xserver -->  off
Comment 1 Peter Krempa 2012-05-24 10:59:36 UTC 
We definitely should document the need to enable the sebool to support sanlock on a SELinux machine. On the other hand printing of the error message wasn't accepted very well upstream.
Comment 4 Peter Krempa 2015-10-05 05:57:41 UTC 
Sanlock is not the preferred lock manager any more.