Description of problem:
For libvirt version libvirt-0.9.12-1.fc16.x86_64, vdsm can't connect to libvirt and keeps on respawning.

vdsm log:
  File "/usr/lib64/python2.7/site-packages/libvirt.py", line 102, in openAuth
    if ret is None:raise libvirtError('virConnectOpenAuth() failed')
libvirtError: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied

ls -ld /var/run/libvirt
drwx------. 5 root root 140 Jun 4 15:23 /var/run/libvirt

This is because libvirt recently changed to create this directory as:

32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400 296) old_umask = umask(077);
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400 297) if (virFileMakePath(rundir) < 0) {
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400 298) umask(old_umask);
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400 299) goto error;
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400 300) }

so vdsm can't connect to /var/run/libvirt/libvirt-sock

Version-Release number of selected component (if applicable):
libvirt-0.9.12-1.fc16.x86_64
vdsm-4.9.6-0.261.git2e8b718.fc16.x86_64

How reproducible:
100%

Steps to Reproduce:
1. start vdsmd
2.
3.

Actual results:

Expected results:

Additional info:
I believe it is a libvirt bug; libvirt should continue to support connection of non-root clients.
This is using 0.9.12, so rawhide material. Danpb, looks like it might be related to mccann's recent patches, thoughts?
The changeset quoted is only touching the socket permissions for the unprivileged libvirtd instance. /var/run/libvirt/libvirt-sock is the privileged instance, which should not have changed. Can you provide the /etc/libvirt/libvirtd.conf file so we can see how libvirtd is configured?
> This is because recently libvirt change to create this directory as:
> 32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400 296) old_umask = umask(077);

This commit you mention is not even present in the 0.9.12 release. Can you confirm that you really are using the 0.9.12 release with *no* other patches applied?

Also, what previous release worked as expected?
(In reply to comment #4)
> > This is because recently libvirt change to create this directory as:
> > 32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400 296) old_umask = umask(077);
>
> This commit you mention is not even present in the 0.9.12 release. Can you
> confirm that you really are using the 0.9.12 release with *no* other patches
> applied ?
>
> Also, what previous release worked as expected ?

Actually, I'm not downloading the rpm package; I git pulled the recent source and made the rpm on my own. The HEAD is:

commit 107f51b69c44b9902ed76ab0e33e89dde5d21cb1
Author: Radu Caragea <dmns_serp>
Date: Mon Jun 4 09:32:37 2012 +0200

The previous release that worked as expected is: libvirt-0.9.10-2.fc16
Ok, in future, if you are filing bugs about GIT snapshots, please make sure to explicitly say this in the initial bug description, and file the bug against the 'Virtualization Tools' product, not Fedora.
Sorry for the wrong quote, it should be this line (Line 1127) of the same patchset:

32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400 1127) old_umask = umask(077);

libvirtd log:
2012-06-11 09:25:26.126+0000: 16920: debug : do_open:1153 : trying driver 7 (remote) ...
2012-06-11 09:25:26.126+0000: 16920: debug : doRemoteOpen:542 : proceeding with name = qemu:///system
2012-06-11 09:25:26.126+0000: 16920: debug : doRemoteOpen:552 : Connecting with transport 1
2012-06-11 09:25:26.126+0000: 16920: debug : doRemoteOpen:599 : Proceeding with sockname /var/run/libvirt/libvirt-sock
2012-06-11 09:25:26.126+0000: 16920: error : virNetSocketNewConnectUNIX:521 : Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied
2012-06-11 09:25:26.126+0000: 16920: debug : do_open:1159 : driver 7 remote returned ERROR

libvirtd.conf:
listen_addr="0.0.0.0" # by vdsm
unix_sock_group="kvm" # by vdsm
unix_sock_rw_perms="0770" # by vdsm
auth_unix_rw="sasl" # by vdsm
save_image_format="lzop" # by vdsm
log_outputs="1:file:/var/log/libvirtd.log" # by vdsm
log_filters="1:libvirt 3:event 3:json 1:util 1:qemu" # by vdsm
auth_tcp="none" # by vdsm
listen_tcp=1 # by vdsm
listen_tls=0 # by vdsm

[lvroyce@lvroyce-pc vdsm]$ groups vdsm
vdsm : kvm qemu sanlock

[root@lvroyce-pc run]# ls /var/run/libvirt -ld
drwx------. 5 root root 140 Jun 11 17:50 /var/run/libvirt
https://www.redhat.com/archives/libvir-list/2012-June/msg00329.html
Will be in 0.9.13.

commit 0ec82620921567d46a0b490e011d8b58bf080a0e
Author: Daniel P. Berrange <berrange>
Date: Mon Jun 11 12:31:16 2012 +0100

    Fix privileges on /var/run/libvirt directory

    Previous commit

      commit 32a9aac2e04c991340b66c855a1095e4e6445e54
      Author: William Jon McCann <william.jon.mccann>
      Date: Thu May 3 12:36:27 2012 -0400

        Use XDG Base Directories instead of storing in home directory

    Accidentally changed the umask when creating /var/run/libvirt
    to 077. This prevents /var/run/libvirt being readable by non-root,
    which is required for non-root to connect to libvirtd. Fix the
    code so that umask 077 is only used for the non-privileged
    libvirtd instance.
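Added illustration, not part of the original bug comments and not libvirt's own code: the regression and the fix described in the commit message above, reproduced on a scratch directory so the resulting modes can be compared. The function names, the mkdir mode 0777 and the 022 umask for the privileged case are assumptions of this sketch.

```c
/* Added example: effect of umask(077) on the run directory, per instance type. */
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Regressed: 077 for every instance. Fixed: 077 only for the unprivileged one. */
static int make_rundir(const char *path, int privileged, int fixed)
{
    mode_t mask = (fixed && privileged) ? 022 : 077; /* 022 is assumed here */
    mode_t old_umask = umask(mask);
    int rc = mkdir(path, 0777);
    umask(old_umask);                /* umask is process-wide: always restore */
    return rc;
}

/* Create "libvirt" under a scratch dir; return its permission bits, or -1. */
int rundir_mode(int privileged, int fixed)
{
    char base[] = "/tmp/rundir-demo-XXXXXX";
    char path[64];
    struct stat st;
    int mode = -1;

    if (!mkdtemp(base))
        return -1;
    snprintf(path, sizeof(path), "%s/libvirt", base);
    if (make_rundir(path, privileged, fixed) == 0 && stat(path, &st) == 0)
        mode = st.st_mode & 0777;
    rmdir(path);
    rmdir(base);
    return mode;
}

/* A client that is neither owner nor in the owning group needs o+x to reach the socket. */
int other_can_reach_socket(int mode)
{
    return (mode & S_IXOTH) != 0;
}

int main(void)
{
    printf("regressed, privileged: %04o\n", (unsigned)rundir_mode(1, 0));
    printf("fixed, privileged:     %04o\n", (unsigned)rundir_mode(1, 1));
    printf("fixed, unprivileged:   %04o\n", (unsigned)rundir_mode(0, 1));
    return 0;
}
```

With the directory at 0700 root:root, unix_sock_group and unix_sock_rw_perms in libvirtd.conf have no effect for vdsm, because the connect fails on directory traversal before the socket's own permissions are checked.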