This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 828073 - failed connect to libvirtd because of can't access /var/run/libvirt
failed connect to libvirtd because of can't access /var/run/libvirt
Status: CLOSED NEXTRELEASE
Product: Virtualization Tools
Classification: Community
Component: libvirt (Show other bugs)
unspecified
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Libvirt Maintainers
infra
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-04 03:55 EDT by Royce Lv
Modified: 2012-06-13 16:54 EDT (History)
20 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-13 16:54:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Royce Lv 2012-06-04 03:55:09 EDT
Description of problem:
for libvirt version libvirt-0.9.12-1.fc16.x86_64
vdsm can't connect libvirt and keep on respawning
vdsm log:                                                          
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 102, in openAuth   
     if ret is None:raise libvirtError('virConnectOpenAuth() failed')            
 libvirtError: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied

ls -ld /var/run/libvirt
drwx------. 5 root root 140 Jun  4 15:23 /var/run/libvirt

This is because recently libvirt change to create this directory as:
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400  296)             old_umask = umask(077);
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400  297)             if (virFileMakePath(rundir) < 0) {
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400  298)                 umask(old_umask);
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400  299)                 goto error;
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400  300)             }

so vdsm can't connected to /var/run/libvirt/libvirt-sock


Version-Release number of selected component (if applicable):
libvirt-0.9.12-1.fc16.x86_64
vdsm-4.9.6-0.261.git2e8b718.fc16.x86_64

How reproducible:
100%

Steps to Reproduce:
1.start vdsmd
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Dan Kenigsberg 2012-06-04 04:37:51 EDT
I beleive it is a libvirt bug; libvirt should continue to support connection of non-root clients.
Comment 2 Cole Robinson 2012-06-07 17:55:42 EDT
This is using 0.9.12, so rawhide material.

Danpb, looks like might be related to mccann's recent patches, thoughts?
Comment 3 Daniel Berrange 2012-06-08 07:32:38 EDT
The changeset quoted is only touching the socket permissions for the unprivileged libvirtd instance. /var/run/libvirt/libvirt-sock is the privileged instance, which should not have changed.

Can you provide the /etc/libvirt/libvirtd.conf file so we can see how libvirtd is configured.
Comment 4 Daniel Berrange 2012-06-08 12:21:40 EDT
> This is because recently libvirt change to create this directory as:
> 32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400  296)             old_umask = umask(077);

This commit you mention is not even present in the 0.9.12 release. Can you confirm that you really are using the 0.9.12 release with *no* other patches applied ?

Also, what previous release worked as expected ?
Comment 5 Royce Lv 2012-06-10 21:45:04 EDT
(In reply to comment #4)
> > This is because recently libvirt change to create this directory as:
> > 32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400  296)             old_umask = umask(077);
> 
> This commit you mention is not even present in the 0.9.12 release. Can you
> confirm that you really are using the 0.9.12 release with *no* other patches
> applied ?
> 
> Also, what previous release worked as expected ?

Actually, I'm not downloading the rpm package, I git pull the recent source and made rpm on my own,The HEAD is :
commit 107f51b69c44b9902ed76ab0e33e89dde5d21cb1
Author: Radu Caragea <dmns_serp@yahoo.com>
Date:   Mon Jun 4 09:32:37 2012 +0200

The previous release worked as expected is :
libvirt-0.9.10-2.fc16
Comment 6 Daniel Berrange 2012-06-11 05:49:07 EDT
Ok, for future if you are filing bugs about GIT snapshots, please make sure to explicitly say this in the initial bug description, and file the bug against the 'Virtualization Tools' product, not Fedora.
Comment 7 Royce Lv 2012-06-11 06:43:28 EDT
Sorry for the wrong quote, it should be this line (Line 1127)of the same patchset:
32a9aac2 daemon/libvirtd.c (William Jon McCann 2012-05-03 12:36:27 -0400 1127)     old_umask = umask(077);

libvirtd log:
2012-06-11 09:25:26.126+0000: 16920: debug : do_open:1153 : trying driver 7 (remote) ...
2012-06-11 09:25:26.126+0000: 16920: debug : doRemoteOpen:542 : proceeding with name = qemu:///system
2012-06-11 09:25:26.126+0000: 16920: debug : doRemoteOpen:552 : Connecting with transport 1
2012-06-11 09:25:26.126+0000: 16920: debug : doRemoteOpen:599 : Proceeding with sockname /var/run/libvirt/libvirt-sock
2012-06-11 09:25:26.126+0000: 16920: error : virNetSocketNewConnectUNIX:521 : Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied
2012-06-11 09:25:26.126+0000: 16920: debug : do_open:1159 : driver 7 remote returned ERROR

libvirtd.conf:
listen_addr="0.0.0.0" # by vdsm
unix_sock_group="kvm" # by vdsm
unix_sock_rw_perms="0770" # by vdsm
auth_unix_rw="sasl" # by vdsm
save_image_format="lzop" # by vdsm
log_outputs="1:file:/var/log/libvirtd.log" # by vdsm
log_filters="1:libvirt 3:event 3:json 1:util 1:qemu" # by vdsm
auth_tcp="none" # by vdsm
listen_tcp=1 # by vdsm
listen_tls=0 # by vdsm

[lvroyce@lvroyce-pc vdsm]$ groups vdsm
vdsm : kvm qemu sanlock

[root@lvroyce-pc run]# ls /var/run/libvirt -ld
drwx------. 5 root root 140 Jun 11 17:50 /var/run/libvirt
Comment 9 Eric Blake 2012-06-13 16:54:59 EDT
Will be in 0.9.13.

commit 0ec82620921567d46a0b490e011d8b58bf080a0e
Author: Daniel P. Berrange <berrange@redhat.com>
Date:   Mon Jun 11 12:31:16 2012 +0100

    Fix privileges on /var/run/libvirt directory
    
    Previous commit
    
      commit 32a9aac2e04c991340b66c855a1095e4e6445e54
      Author: William Jon McCann <william.jon.mccann@gmail.com>
      Date:   Thu May 3 12:36:27 2012 -0400
    
        Use XDG Base Directories instead of storing in home directory
    
    Accidentally changed the umask when creating /var/run/libvirt
    to 077. This prevents /var/run/libvirt being readable by non-root,
    which is required for non-root to connect to libvirtd. Fix the
    code so that umask 077 is only used for the non-privileged libvirtd
    instance.

Note You need to log in before you can comment on or make changes to this bug.