Red Hat Bugzilla – Bug 620571
non root user can no longer view lvm devices
Last modified: 2011-05-19 10:26:21 EDT
Description of problem:

[testmonkey@taft-02 root]$ lvs
/etc/lvm/lvm.conf: stat failed: Permission denied
[testmonkey@taft-02 root]$ cat /etc/lvm/lvm.conf
cat: /etc/lvm/lvm.conf: Permission denied
[testmonkey@taft-02 root]$ exit
exit
[root@taft-02 ~]# ls -lrt /etc/lvm/lvm.conf
-rw-r--r--. 1 root root 21640 Aug 2 14:22 /etc/lvm/lvm.conf

There used to be a message when running as non root:
"WARNING: Running as a non-root user. Functionality may be unavailable."

Version-Release number of selected component (if applicable):
2.6.32-52.el6.x86_64
lvm2-2.02.72-3.el6 BUILT: Wed Jul 28 15:39:43 CDT 2010
lvm2-libs-2.02.72-3.el6 BUILT: Wed Jul 28 15:39:43 CDT 2010
lvm2-cluster-2.02.72-3.el6 BUILT: Wed Jul 28 15:39:43 CDT 2010
udev-147-2.21.el6 BUILT: Mon Jul 12 04:55:00 CDT 2010
device-mapper-1.02.53-3.el6 BUILT: Wed Jul 28 15:39:43 CDT 2010
device-mapper-libs-1.02.53-3.el6 BUILT: Wed Jul 28 15:39:43 CDT 2010
device-mapper-event-1.02.53-3.el6 BUILT: Wed Jul 28 15:39:43 CDT 2010
device-mapper-event-libs-1.02.53-3.el6 BUILT: Wed Jul 28 15:39:43 CDT 2010
cmirror-2.02.72-3.el6 BUILT: Wed Jul 28 15:39:43 CDT 2010

How reproducible:
every time
So what's going on here? Are the /etc/lvm directory permissions wrong now? Or is it SELinux? (And how did this trivial bugzilla not get noticed since August?)
Is /etc/lvm being given wrong permissions? It should be mode 0755 so that lvm.conf is readable. Looks wrong in the Fedora package I built a few hours ago.
Although /etc/lvm/lvm.conf is now readable by non root users, they still cannot view lvm devices. Also, there shouldn't be any 'dm_task struct' failures, just the "WARNING: Running as a non-root user. Functionality may be unavailable." and the listed volumes.

[testmonkey@taft-02 root]$ lvs
WARNING: Running as a non-root user. Functionality may be unavailable.
/dev/mapper/control: open failed: Permission denied
Failure to communicate with kernel device-mapper driver.
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
No volume groups found
[testmonkey@taft-02 root]$ vgs
WARNING: Running as a non-root user. Functionality may be unavailable.
/dev/mapper/control: open failed: Permission denied
Failure to communicate with kernel device-mapper driver.
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
No volume groups found
[testmonkey@taft-02 root]$ pvscan
WARNING: Running as a non-root user. Functionality may be unavailable.
/var/lock/lvm/P_global:aux: open failed: Permission denied
Unable to obtain global lock.
[testmonkey@taft-02 root]$ lvscan
WARNING: Running as a non-root user. Functionality may be unavailable.
/dev/mapper/control: open failed: Permission denied
Failure to communicate with kernel device-mapper driver.
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
Failed to create dm_task struct to check dev status
No volume groups found
[testmonkey@taft-02 root]$ lvcreate
WARNING: Running as a non-root user. Functionality may be unavailable.
/dev/mapper/control: open failed: Permission denied
Failure to communicate with kernel device-mapper driver.
striped: Required device-mapper target(s) not detected in your kernel
Run `lvcreate --help' for more information.
You can see neither PVs (device is not accessible for user access by default) nor LV status (dm-ioctl requires root only, resp. CAP_SYS_ADMIN privilege). But the repeated warnings are misleading; I posted a patch here:
https://www.redhat.com/archives/lvm-devel/2011-March/msg00116.html
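The access checks named in this thread (the /etc/lvm directory mode, /dev/mapper/control, the /var/lock/lvm global lock, and CAP_SYS_ADMIN for dm-ioctl) can be tested in one pass. The script below is an added example, not part of the bug thread or of lvm2; the function names are hypothetical and it assumes GNU stat and a Linux /proc.

```shell
#!/bin/sh
# Added example, not from the bug thread: explain why an unprivileged lvs fails.

# first_blocker FILE BASE: walk from FILE's directory up to BASE and print the
# first component the "other" permission class cannot traverse or read.
# It inspects mode bits only, so the answer is the same when run as root.
first_blocker() {
    dir=$(dirname "$1")
    while :; do
        mode=$(stat -c %a "$dir" 2>/dev/null) || { echo "$dir (missing)"; return 1; }
        [ $(( 0$mode & 1 )) -ne 0 ] || { echo "$dir (mode $mode)"; return 1; }
        if [ "$dir" = "$2" ] || [ "$dir" = / ]; then break; fi
        dir=$(dirname "$dir")
    done
    mode=$(stat -c %a "$1" 2>/dev/null) || { echo "$1 (missing)"; return 1; }
    [ $(( 0$mode & 4 )) -ne 0 ] || { echo "$1 (mode $mode)"; return 1; }
}

# has_cap_sys_admin HEX: test bit 21 (CAP_SYS_ADMIN) of a CapEff mask as
# printed in /proc/<pid>/status.
has_cap_sys_admin() {
    [ $(( (0x$1 >> 21) & 1 )) -eq 1 ]
}

# Report each check for the calling user; always returns 0.
lvm_preflight() {
    if b=$(first_blocker /etc/lvm/lvm.conf /); then
        echo "ok:   /etc/lvm/lvm.conf readable by non-root users"
    else
        echo "FAIL: $b blocks /etc/lvm/lvm.conf (/etc/lvm should be 0755)"
    fi
    [ -r /dev/mapper/control ] && [ -w /dev/mapper/control ] \
        && echo "ok:   /dev/mapper/control can be opened" \
        || echo "FAIL: /dev/mapper/control cannot be opened"
    [ -w /var/lock/lvm ] && echo "ok:   /var/lock/lvm writable" \
        || echo "FAIL: /var/lock/lvm not writable (no global lock)"
    capeff=$(awk '/^CapEff:/ {print $2}' "/proc/$$/status" 2>/dev/null)
    if [ -n "$capeff" ] && has_cap_sys_admin "$capeff"; then
        echo "ok:   CAP_SYS_ADMIN is in the effective set"
    else
        echo "FAIL: CAP_SYS_ADMIN missing; dm-ioctl will be refused"
    fi
}

lvm_preflight
```

first_blocker looks at mode bits only; ACLs and SELinux policy are not evaluated.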
After talking with devel, non root users are no longer able to view lvm devices, so the following cmds are what's now expected. Marking verified.

[testmonkey@taft-01 root]$ pvscan
WARNING: Running as a non-root user. Functionality may be unavailable.
/var/lock/lvm/P_global:aux: open failed: Permission denied
Unable to obtain global lock.
[testmonkey@taft-01 root]$ pvs
WARNING: Running as a non-root user. Functionality may be unavailable.
/var/lock/lvm/P_global:aux: open failed: Permission denied
Unable to obtain global lock.
[testmonkey@taft-01 root]$ lvs
WARNING: Running as a non-root user. Functionality may be unavailable.
/dev/mapper/control: open failed: Permission denied
Failure to communicate with kernel device-mapper driver.
No volume groups found
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.
http://rhn.redhat.com/errata/RHBA-2011-0772.html