RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 702044 - Can't attach iso from readonly filesystem to VM because it can't be chowned
Summary: Can't attach iso from readonly filesystem to VM because it can't be chowned
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.2
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: rc
: ---
Assignee: Laine Stump
QA Contact: Virtualization Bugs
URL:
Whiteboard:
: 709454 712170 (view as bug list)
Depends On:
Blocks: 862756
TreeView+ depends on / blocked
 
Reported: 2011-05-04 15:53 UTC by David Jaša
Modified: 2013-09-26 09:46 UTC (History)
9 users (show)

Fixed In Version: libvirt-0.9.2-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 862756 1012085 (view as bug list)
Environment:
Last Closed: 2011-12-06 11:06:34 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1513 0 normal SHIPPED_LIVE libvirt bug fix and enhancement update 2011-12-06 01:23:30 UTC

Description David Jaša 2011-05-04 15:53:26 UTC 
Description of problem:
When trying to attach iso from read-only filesystem (like NFS server administered by somebody else), it fails because iso's ownership cannot be changed to qemu:qemu

Version-Release number of selected component (if applicable):


How reproducible:
always

Steps to Reproduce:
1. run VM with empty cdrom device 
2. run 'virsh attach-disk win7x64 /path/on/readonly_fs/to/image.iso hdc --type cdrom;
3.
  
Actual results:
this error is throwed:
error: Failed to attach disk
error: unable to set user and group to '107:107' on '/mnt/trash/ic114/RHEV-toolsSetup_2.3_395.iso': Nepřípustný argument

Expected results:
disk is attached as read-only

Additional info:
* virt-manager fails with the same error
* 107:107 are UID:GID in local system
* unix permissions don't block qemu or libvirt from reading the isos, but selinux may block them (I don't know how to confirm this now)
Comment 1 Laine Stump 2011-06-02 20:28:56 UTC 
Nepřípustný argument == EINVAL

The error comes (as you'd guess) from chown(2). But the manpage for chown doesn't mention the possibility of returning EINVAL. virSecurityDACSetOwnership already special cases EOPNOTSUPP, EPERM, and EROFS to ignore them. Would it be acceptable in all cases to just ignore EINVAL as well?
Comment 2 Laine Stump 2011-06-02 20:34:25 UTC 
*** Bug 709454 has been marked as a duplicate of this bug. ***
Comment 3 Laine Stump 2011-06-03 16:28:17 UTC 
The following fix has been pushed to upstream libvirt, and will be in the next rebase for RHEL6:

commit 62ed801c13787cc844e75db7cd2d4c8a42454fcc
Author: Laine Stump <laine>
Date:   Fri Jun 3 11:59:09 2011 -0400

    security driver: ignore EINVAL when chowning an image file
    
    This fixes:
    
      https://bugzilla.redhat.com/show_bug.cgi?id=702044
      https://bugzilla.redhat.com/show_bug.cgi?id=709454
    
    Both of these complain of a failure to use an image file that resides
    on a read-only NFS volume. The function in the DAC security driver
    that chowns image files to the qemu user:group before using them
    already has special cases to ignore failure of chown on read-only file
    systems, and in a few other cases, but it hadn't been checking for
    EINVAL, which is what is returned if the qemu user doesn't even exist
    on the NFS server.
    
    Since the explanation of EINVAL in the chown man page almost exactly
    matches the log message already present for the case of EOPNOTSUPP,
    I've just added EINVAL to that same conditional.
Comment 4 Laine Stump 2011-06-03 19:54:01 UTC 
The question in Comment 1 was already answered in IRC (the answer was "yes").
Comment 6 Daniel Veillard 2011-06-23 03:14:19 UTC 
This should be fixed by the libvirt-0.9.2-1.el6 rebase
Comment 11 Rita Wu 2011-07-06 10:31:56 UTC 
Set it as VERIFIED per comment9
Comment 12 Laine Stump 2011-09-28 06:26:23 UTC 
*** Bug 712170 has been marked as a duplicate of this bug. ***
Comment 13 Yury V. Zaytsev 2011-09-28 07:39:26 UTC 
Perfect, thanks!
Comment 14 errata-xmlrpc 2011-12-06 11:06:34 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1513.html
Note You need to log in before you can comment on or make changes to this bug.