Bug 921292
Summary: | qemu: could not open disk image /tmp/.../snapshot1: Permission denied | |||
---|---|---|---|---|
Product: | [Community] Virtualization Tools | Reporter: | Richard W.M. Jones <rjones> | |
Component: | libguestfs | Assignee: | Richard W.M. Jones <rjones> | |
Status: | CLOSED UPSTREAM | QA Contact: | ||
Severity: | unspecified | Docs Contact: | ||
Priority: | unspecified | |||
Version: | unspecified | CC: | dyasny, imcleod, mbooth, mzatko | |
Target Milestone: | --- | |||
Target Release: | --- | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | Bug Fix | ||
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1101528 (view as bug list) | Environment: | ||
Last Closed: | 2013-03-18 18:02:31 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1101528 |
Description
Richard W.M. Jones
2013-03-13 22:22:51 UTC
To the original reporter: - What version of libvirt is installed? - Do the following commands *when run as root* fail? truncate /tmp/test1.img -s1G guestfish -v -x --ro -a /tmp/test1.img run I can't reproduce this so far. I have: libguestfs-1.20.4-1.fc18.x86_64 libvirt-daemon-0.10.2.3-1.fc18.x86_64 qemu-system-x86-1.2.2-6.fc18.x86_64 tmp-on-tmpfs enabled It seems that commands above don't fail - http://fpaste.org/2283/ libguestfs-1.20.4-1.fc18.x86_64 python-libguestfs-1.20.4-1.fc18.x86_64 libguestfs-tools-c-1.20.4-1.fc18.x86_64 libvirt-daemon-0.10.2.3-1.fc18.x86_64 qemu-system-x86-1.2.2-6.fc18.x86_64 tmpfs on /tmp type tmpfs (rw,seclabel) I worked out why this error was printed. First thing to say, the error message from qemu is incredibly misleading. When it says "could not open disk image <name>" it does NOT (necessarily) mean that it couldn't open the file <name>. It could also mean that it failed to open any backing disks that <name> has (but it won't print the name of the backing disk, it'll print the name of the "top" file). This qemu annoyance gets me every time ... Anyway, in this case snapshot1 is backed by /tmp/.guestfs-0/root, and it is this backing file ("root") which is causing the problem. Recall that qemu is running as user 'qemu.qemu'. /tmp/.guestfs-0 has the following permissions: > libguestfs: command: run: ls > libguestfs: command: run: \ -a > libguestfs: command: run: \ -l > libguestfs: command: run: \ -Z /tmp/.guestfs-0 > libguestfs: drwx------. root root system_u:object_r:initrc_tmp_t:s0 . ^^^^^^^^^^^ [...] > libguestfs: -rw-r--r--. qemu qemu system_u:object_r:virt_content_t:s0 root Since the directory is not readable by non-root, qemu fails to open the file and would give the error message shown in the summary. I checked the code and it turns out that we don't set the mode on /tmp/.guestfs-$UID when we first create it. We leave that up to the umask, so if the first person who happens to run libguestfs and create that directory has an especially restrictive umask, it could end up with almost any permissions. So this is a bug in libguestfs. You should be able to reproduce this bug at will by doing: chmod 0700 /tmp/.guestfs-0 BTW I notice that .guestfs-0 is being created in /tmp in this situation. Normally I'd expect it to be created in /var/tmp, but it's possible that OpenStack / ImageFactory is setting $TMPDIR, or the reporter set this. I (will shortly) push an upstream fix for this: commit af1c53d104180415a8584c48f19fd4ea7df224f5 Fixed in 1.21.21. |