Bug 1479558 - Could not access KVM kernel module: Permission denied
Could not access KVM kernel module: Permission denied
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: qemu (Show other bugs)
26
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Fedora Virtualization Maintainers
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-08-08 15:36 EDT by jniederm
Modified: 2017-11-20 01:39 EST (History)
11 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2017-08-16 19:46:23 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
suspected update (41.35 KB, text/plain)
2017-08-08 15:36 EDT, jniederm
no flags Details
libvirt.log (3.38 KB, text/plain)
2017-08-08 15:37 EDT, jniederm
no flags Details
journalct.log (64.00 KB, text/plain)
2017-08-08 15:38 EDT, jniederm
no flags Details

  None (edit)
Description jniederm 2017-08-08 15:36:53 EDT
Created attachment 1310829 [details]
suspected update

Description of problem:
An existing libvirt VM can't be started. It worked before. I suspect the update in attachment.

Version-Release number of selected component (if applicable):
$ rpm -qa *qemu*
qemu-system-or1k-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-arm-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-rbd-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-nios2-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-x86-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-sparc-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-tricore-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-m68k-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-alpha-core-2.10.0-0.1.rc1.fc26.x86_64
libvirt-daemon-driver-qemu-3.6.0-1.fc26.x86_64
qemu-system-sh4-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-lm32-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-ppc-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-sh4-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-ssh-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-moxie-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-lm32-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-iscsi-2.10.0-0.1.rc1.fc26.x86_64
qemu-user-2.10.0-0.1.rc1.fc26.x86_64
qemu-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-xtensa-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-s390x-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-mips-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-curl-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-cris-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-xtensa-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-s390x-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-mips-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-cris-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-dmg-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-aarch64-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-x86-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-unicore32-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-or1k-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-microblaze-2.10.0-0.1.rc1.fc26.x86_64
ipxe-roms-qemu-20161108-4.gitb991c67.fc26.noarch
qemu-system-arm-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-alpha-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-unicore32-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-microblaze-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-common-2.10.0-0.1.rc1.fc26.x86_64
qemu-kvm-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-sparc-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-tricore-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-m68k-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-nfs-2.10.0-0.1.rc1.fc26.x86_64
qemu-guest-agent-2.10.0-0.1.rc1.fc26.x86_64
qemu-img-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-aarch64-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-nios2-core-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-ppc-2.10.0-0.1.rc1.fc26.x86_64
qemu-system-moxie-2.10.0-0.1.rc1.fc26.x86_64
qemu-block-gluster-2.10.0-0.1.rc1.fc26.x86_64


How reproducible:
100%

Steps to Reproduce:
1. Let's have previously working libvirt VM
2. sudo virsh start <vm-name>

Actual results:
error: Failed to start domain co7-1
error: internal error: process exited while connecting to monitor: 2017-08-08T18:52:17.279808Z qemu-system-x86_64: -chardev pty,id=charserial0: char device redirected to /dev/pts/5 (label charserial0)
Could not access KVM kernel module: Permission denied
2017-08-08T18:52:17.279972Z qemu-system-x86_64: failed to initialize KVM: Permission denied

Expected results:
vm is started

Additional info:
setenforce 0 doesn't help

# rmmod kvm_intel
# rmmod kvm
# modprobe kvm
# modprobe kvm_intel
as suggested at https://bugzilla.redhat.com/show_bug.cgi?id=950436 or https://github.com/voidlinux/void-packages/issues/1095 doesn't help

device /dev/pts/5 is create and deleted instantly
# inotifywait  -r -e create,delete /dev/pts ; stat /dev/pts/5
Setting up watches.  Beware: since -r was given, this may take a while!
Watches established.
/dev/pts/ CREATE 5
  File: /dev/pts/5
  Size: 0         	Blocks: 0          IO Block: 1024   character special file
Device: 15h/21d	Inode: 8           Links: 1     Device type: 88,5
Access: (0620/crw--w----)  Uid: (  107/    qemu)   Gid: (    5/     tty)
Context: system_u:object_r:svirt_devpts_t:s0
Access: 2017-08-08 21:30:32.846695224 +0200
Modify: 2017-08-08 21:30:32.846695224 +0200
Change: 2017-08-08 21:30:32.846695224 +0200
 Birth: -
Comment 1 jniederm 2017-08-08 15:37 EDT
Created attachment 1310830 [details]
libvirt.log
Comment 2 jniederm 2017-08-08 15:38 EDT
Created attachment 1310831 [details]
journalct.log
Comment 3 Cole Robinson 2017-08-08 15:50:51 EDT
Hmm yes we dropped the kvm udev rules in the rawhide package, since rawhide systemd now provides them. However it looks like you are using the virt-preview repo on f26, so now there isn't anything setting /dev/kvm permissions to 666 and group=kvm

Maybe we keep shipping the udev rules for a release until virt-preview is discontinued for f26...
Comment 4 jniederm 2017-08-09 08:50:19 EDT
Hi Cole, is there any workaround?
Comment 5 Cole Robinson 2017-08-09 09:33:10 EDT
(In reply to jniederm from comment #4)
> Hi Cole, is there any workaround?

chmod 666 /dev/kvm to get it working right now. Then to fix future reboots, create a file /lib/udev/rules.d/99-kvm.rules with this content:

KERNEL=="kvm", GROUP="kvm", MODE="0666"
Comment 6 jniederm 2017-08-09 11:11:20 EDT
Workarounds helped. Thanks Cole
Comment 7 Cole Robinson 2017-08-16 19:46:23 EDT
This file should be back in the virt-preview packages now

Note You need to log in before you can comment on or make changes to this bug.