Description of problem: libvirt in Rawhide cannot launch guests (yet again - is it too much to ask that you test this most basic use case for libvirt?) Version-Release number of selected component (if applicable): libvirt-1.3.5-2.fc25.x86_64 How reproducible: 100% Steps to Reproduce: ** NB I am running the following command as NON-ROOT ** $ virt-install --import --name tmp-bug --ram 2048 --disk none WARNING No operating system detected, VM performance may suffer. Specify an OS with --os-variant for optimal results. Starting install... ERROR Failed to connect socket to '/run/user/1000/libvirt/virtlogd-sock': No such file or directory Domain installation does not appear to have been successful. If it was, you can restart your domain by running: virsh --connect qemu:///session start tmp-bug otherwise, please restart your installation.
I tried downgrading the running kernel from kernel-4.7.0-0.rc5.git1.2.fc25.x86_64 to 4.7.0-0.rc2.git3.2.fc25.x86_64 but that made no difference. I suspect glibc socket problems.
I tried the libvirt 2.0.0 build from: http://koji.fedoraproject.org/koji/taskinfo?taskID=14728077 That should be built against the new glibc (and is also built against the exact same glibc that I have installed), so that rules out glibc socket problems. With session libvirtd running: $ ls -l /run/user/1000/libvirt/ total 4 drwx------. 2 rjones rjones 40 Jul 1 12:15 hostdevmgr srwx------. 1 rjones rjones 0 Jul 1 12:15 libvirt-admin-sock -rw-r--r--. 1 rjones rjones 4 Jul 1 12:15 libvirtd.pid srwx------. 1 rjones rjones 0 Jul 1 12:15 libvirt-sock drwxrwxr-x. 3 rjones rjones 60 Jul 1 12:15 network drwxrwxr-x. 3 rjones rjones 60 Jul 1 12:15 qemu drwxrwxr-x. 3 rjones rjones 60 Jul 1 12:15 storage Note that session virtlogd is not being started by libvirtd. I can start virtlogd manually, although obviously I shouldn't need to do that.
Created attachment 1174888 [details] libvirtd strace The error appears to be: 2800 capset({_LINUX_CAPABILITY_VERSION_3, 2757}, {0, 0, 0}) = -1 EPERM (Operation not permitted) 2800 write(2, "libvirt: error : internal error: cannot apply process capabilities -1\n", 71) = 71 libcap-ng-0.7.7-4.fc24.x86_64 kernel-4.7.0-0.rc5.git1.2.fc25.x86_64
Same error here. kernel-4.5.0-0.44.el7.aarch64 libcap-ng-0.7.5-4.el7.aarch64
The patch below (by Andrea Bolognani) fixes the problem for me: diff --git a/src/util/virutil.c b/src/util/virutil.c index 170dd59..564d0ba 100644 --- a/src/util/virutil.c +++ b/src/util/virutil.c @@ -1465,6 +1465,8 @@ virSetUIDGIDWithCaps(uid_t uid, gid_t gid, gid_t *groups, int ngroups, bool need_setgid = false, need_setuid = false; bool need_setpcap = false; + capng_setpid(getpid()); + /* First drop all caps (unless the requested uid is "unchanged" or * root and clearExistingCaps wasn't requested), then add back * those in capBits + the extra ones we need to change uid/gid and
Fix is to install audit >= 2.6.2-1.
*** Bug 1352263 has been marked as a duplicate of this bug. ***
*** Bug 1352265 has been marked as a duplicate of this bug. ***
*** Bug 1352224 has been marked as a duplicate of this bug. ***
*** Bug 1351976 has been marked as a duplicate of this bug. ***