Bug 2016264 - using virt-qemu-run to start guest with specified root dir and luks image failed with error "No current identity to elevate"
Keywords:
Status: CLOSED DUPLICATE of bug 2000410
Alias: None
Product: Red Hat Enterprise Linux Advanced Virtualization
Classification: Red Hat
Component: libvirt
Version: 8.6
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: medium
Target Milestone: rc
Target Release: 8.5
Assignee: Virtualization Maintenance
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On: 2000410
Blocks: 2000983
Reported: 2021-10-21 06:40 UTC by Han Han
Modified: 2021-10-21 07:17 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2000410
Environment:
Last Closed: 2021-10-21 07:17:33 UTC
Type: Bug
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-100455 0 None None None 2021-10-21 06:41:59 UTC

Description Han Han 2021-10-21 06:40:53 UTC
Reproduced on:
libvirt-7.6.0-5.module+el8.5.0+12933+58cb48a1.x86_64
qemu-kvm-6.0.0-32.module+el8.5.0+12949+ac589a5c.x86_64

+++ This bug was initially created as a clone of Bug #2000410 +++

Description of problem:

using virt-qemu-run to start guest with specified root dir and luks image failed with error "No current identity to elevate"

Version-Release number of selected component (if applicable):
libvirt 7.6.0-2.el9
qemu-kvm  6.0.0-13.el9


How reproducible:
100%

Steps to Reproduce:
1. Prepare a qcow2 luks image:
# qemu-img create --object secret,id=sec0,data=123456 -f qcow2 -o encrypt.format=luks,encrypt.key-secret=sec0 /var/lib/libvirt/images/luks.qcow2 1G

2. Prepare secret xml and secret value:
# cat /xml/secret.xml
<secret ephemeral='no' private='yes'>
  <description>LUKS Sample Secret</description>
  <uuid>f981dd17-143f-45bc-88e6-ed1fe20ce9da</uuid>
  <usage type='volume'>
    <volume>/var/lib/libvirt/images/luks.img</volume>
  </usage>
</secret>

# cat /xml/secret-value
123456

3. Prepare a guest xml with the luks image:
# cat /tmp/vm1.xml
...
<disk type='file' device='disk'>
  <driver name='qemu' type='qcow2' cache='none' io='threads' copy_on_read='off'/>
  <source file='/var/lib/libvirt/images/luks.qcow2' index='1'>
    <encryption format='luks'>
      <secret type='passphrase' uuid='f981dd17-143f-45bc-88e6-ed1fe20ce9da'/>
    </encryption>
  </source>
  ...
</disk>
...

4. Start guest with specified root dir and luks image:
# virt-qemu-run -s /xml/secret.xml,/xml/value -d -v -r /tmp/test1 /tmp/vm1.xml

Actual results:

virt-qemu-run: 127: initializing libvirt 259671
virt-qemu-run: 1719: initializing signal handlers
virt-qemu-run: 1807: preparing event loop thread
virt-qemu-run: 1999: opening secret:///embed?root=%2Ftmp%2Ftest1
virt-qemu-run: 3590: loading secret secret.xml and secret-value
virt-qemu-run: 3951: opening qemu:///embed?root=%2Ftmp%2Ftest1
virt-qemu-run: 25790: fetching guest config /tmp/vm1.xml
virt-qemu-run: 25868: starting guest /tmp/vm1.xml
2021-09-02 04:13:24.782+0000: 259671: info : libvirt version: 7.6.0, package: 2.el9 (Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>, 2021-08-10-04:33:30, )
2021-09-02 04:13:24.782+0000: 259671: info : hostname: hhan-rhel9-1
2021-09-02 04:13:24.782+0000: 259671: warning : qemuProcessStop:7964 : Unable to release network device '<null>'
virt-qemu-run: cannot start VM: internal error: No current identity to elevate
virt-qemu-run: 452573: cleaned up, exiting


Expected results:
Start guest successfully and show verbose output.

Additional info:

--- Additional comment from Fangge Jin on 2021-09-02 13:04:32 UTC ---

Starting the VM without a specified root dir has the same issue.

--- Additional comment from Jaroslav Suchanek on 2021-09-06 14:37:35 UTC ---

Comment 1 Fangge Jin 2021-10-21 07:17:33 UTC
Hi hhan,
This bug will be tracked in RHEL-9.

*** This bug has been marked as a duplicate of bug 2000410 ***
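
A pre-flight consistency check for the secret and domain XML used in the reproduction steps, as an added example that is not part of the bug report or of libvirt: it confirms that every uuid-referenced LUKS secret in the domain XML is among the supplied secret definitions, and notes when a secret's volume usage path differs from the disk source. The function name check_luks_secrets and the sample strings are constructed for illustration, with the XML trimmed from the report.

```python
import xml.etree.ElementTree as ET

# Constructed samples that mirror the secret and disk XML quoted in the report.
SECRET_XML = """<secret ephemeral='no' private='yes'>
  <uuid>f981dd17-143f-45bc-88e6-ed1fe20ce9da</uuid>
  <usage type='volume'>
    <volume>/var/lib/libvirt/images/luks.img</volume>
  </usage>
</secret>"""

DOMAIN_XML = """<domain type='kvm'><devices>
  <disk type='file' device='disk'>
    <source file='/var/lib/libvirt/images/luks.qcow2'>
      <encryption format='luks'>
        <secret type='passphrase' uuid='f981dd17-143f-45bc-88e6-ed1fe20ce9da'/>
      </encryption>
    </source>
  </disk>
</devices></domain>"""


def check_luks_secrets(domain_xml, secret_xmls):
    """Return (level, message) findings for LUKS disks in a domain definition."""
    # Map each supplied secret's UUID to its volume usage path ("" if absent).
    supplied = {}
    for text in secret_xmls:
        root = ET.fromstring(text)
        uuid = (root.findtext("uuid") or "").strip().lower()
        supplied[uuid] = (root.findtext("usage[@type='volume']/volume") or "").strip()

    findings = []
    for disk in ET.fromstring(domain_xml).iter("disk"):
        source = disk.find("source")
        path = source.get("file") if source is not None else None
        # <encryption> can sit under <source> (as in the report) or under <disk>.
        for enc in disk.iter("encryption"):
            ref = enc.find("secret")
            uuid = (ref.get("uuid") or "").lower() if ref is not None else ""
            if not uuid:
                continue  # usage= references are out of scope for this check
            if uuid not in supplied:
                findings.append(("error", f"{path}: secret {uuid} was not supplied"))
            elif supplied[uuid] and supplied[uuid] != path:
                findings.append(("note", f"{path}: secret usage names {supplied[uuid]}"))
    return findings


if __name__ == "__main__":
    for level, message in check_luks_secrets(DOMAIN_XML, [SECRET_XML]):
        print(f"{level}: {message}")
```

The domain in the report references the secret by UUID, so a differing usage path is reported as a note rather than an error.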

