[PATCH] bringup_guestfs: fix group permissions for disks

public inbox for kdevops@lists.linux.dev
 help / color / mirror / Atom feed

* [PATCH] bringup_guestfs: fix group permissions for disks
@ 2025-04-23 19:34 Daniel Gomez
  2025-04-23 19:51 ` Luis Chamberlain
  0 siblings, 1 reply; 2+ messages in thread
From: Daniel Gomez @ 2025-04-23 19:34 UTC (permalink / raw)
  To: Luis Chamberlain; +Cc: kdevops, Daniel Gomez, Daniel Gomez

From: Daniel Gomez <da.gomez@samsung.com>

Ensure libvirt-qemu group permissions are set to qemu image disks when
on libvirt system uri.

Permissions before:
namei --long /var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw

f: /var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw
drwxr-xr-x root    root         /
drwxr-xr-x root    root         var
drwxr-xr-x root    root         lib
drwxr-xr-x root    libvirt-qemu libvirt
drwxrwxr-x root    libvirt-qemu images
drwxrwxr-x root    libvirt-qemu kdevops
drwxrwxr-x root    libvirt-qemu guestfs
drwxrwxr-x dagomez dagomez      debian13
-rw-rw-r-- dagomez dagomez      extra0.raw

Permissions after:

f: /var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw
drwxr-xr-x root    root         /
drwxr-xr-x root    root         var
drwxr-xr-x root    root         lib
drwxr-xr-x root    libvirt-qemu libvirt
drwxrwsr-x root    libvirt-qemu images
drwxrwsr-x root    libvirt-qemu kdevops
drwxrwsr-x root    libvirt-qemu guestfs
drwxrwsr-x dagomez libvirt-qemu debian13
-rw-rw-r-- dagomez libvirt-qemu extra0.raw

libvirt permission error:

make bringup
{...}
.//scripts/bringup_guestfs.sh
User dagomez is part of the libvirt-qemu group.
[   0.0] Examining the guest ...
{...}
[   5.1] SELinux relabelling
[   5.1] Performing "lvm-uuids" ...
Formatting '/var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw',
fmt=raw size=107374182400
Formatting '/var/lib/libvirt/images/kdevops/guestfs/debian13/extra1.raw',
fmt=raw size=107374182400
Formatting '/var/lib/libvirt/images/kdevops/guestfs/debian13/extra2.raw',
fmt=raw size=107374182400
Formatting '/var/lib/libvirt/images/kdevops/guestfs/debian13/extra3.raw',
fmt=raw size=107374182400
Domain 'debian13' defined from .//guestfs/debian13/debian13.xml

error: Failed to start domain 'debian13'
error: internal error: QEMU unexpectedly closed the monitor
(vm='debian13'): 2025-04-23T14:17:23.707308Z qemu-system-x86_64: -device
virtio-blk-pci,drive=drv0,id=virtio-drv0,serial=kdevops0,bus=
pcie-port-for-virtio-0,addr=0x0,iothread=kdevops-virtio-iothread-0,
logical_block_size=512,physical_block_size=512: Could not open
'/var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw':
Permission denied

Failed to start debian13
make: *** [scripts/guestfs.Makefile:80: bringup_guestfs] Error 1

Signed-off-by: Daniel Gomez <da.gomez@samsung.com>
---
QEMU images created with the qemu-img do not inherit group permissions.
Instead, they are created with user group making libvirt fail when
trying to access these files with the system hypervisor canonical URI.
---
 scripts/bringup_guestfs.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/scripts/bringup_guestfs.sh b/scripts/bringup_guestfs.sh
index 94e0437192bec4d68cba627d1e6d77b483a8eed1..4c238a839b754f8e0f173ace93649f4940561a88 100755
--- a/scripts/bringup_guestfs.sh
+++ b/scripts/bringup_guestfs.sh
@@ -350,6 +350,7 @@ do
 				qemu-img create -f $IMG_FMT "$diskimg" 100G
 				if [[ "$CONFIG_LIBVIRT_URI_SYSTEM" == "y" ]]; then
 					chmod g+rw $diskimg
+					chgrp $QEMU_GROUP $diskimg
 				fi
 				let lbs_idx=$lbs_idx+1
 			done
@@ -362,6 +363,7 @@ do
 			qemu-img create -f $IMG_FMT "$STORAGEDIR/$name/extra${i}.$IMG_FMT" 100G
 			if [[ "$CONFIG_LIBVIRT_URI_SYSTEM" == "y" ]]; then
 				chmod g+rw $STORAGEDIR/$name/extra${i}.$IMG_FMT
+				chgrp $QEMU_GROUP $STORAGEDIR/$name/extra${i}.$IMG_FMT
 			fi
 		done
 	fi

---
base-commit: f41061fc1f29124e0eb61ff048aa68649e8ef932
change-id: 20250423-fix-permissions-disks-3caa51fe0235

Best regards,
-- 
Daniel Gomez <da.gomez@samsung.com>


^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] bringup_guestfs: fix group permissions for disks
  2025-04-23 19:34 [PATCH] bringup_guestfs: fix group permissions for disks Daniel Gomez
@ 2025-04-23 19:51 ` Luis Chamberlain
  0 siblings, 0 replies; 2+ messages in thread
From: Luis Chamberlain @ 2025-04-23 19:51 UTC (permalink / raw)
  To: Daniel Gomez; +Cc: kdevops, Daniel Gomez

On Wed, Apr 23, 2025 at 07:34:48PM +0000, Daniel Gomez wrote:
> From: Daniel Gomez <da.gomez@samsung.com>
> 
> Ensure libvirt-qemu group permissions are set to qemu image disks when
> on libvirt system uri.
> 
> Permissions before:
> namei --long /var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw
> 
> f: /var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw
> drwxr-xr-x root    root         /
> drwxr-xr-x root    root         var
> drwxr-xr-x root    root         lib
> drwxr-xr-x root    libvirt-qemu libvirt
> drwxrwxr-x root    libvirt-qemu images
> drwxrwxr-x root    libvirt-qemu kdevops
> drwxrwxr-x root    libvirt-qemu guestfs
> drwxrwxr-x dagomez dagomez      debian13
> -rw-rw-r-- dagomez dagomez      extra0.raw
> 
> Permissions after:
> 
> f: /var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw
> drwxr-xr-x root    root         /
> drwxr-xr-x root    root         var
> drwxr-xr-x root    root         lib
> drwxr-xr-x root    libvirt-qemu libvirt
> drwxrwsr-x root    libvirt-qemu images
> drwxrwsr-x root    libvirt-qemu kdevops
> drwxrwsr-x root    libvirt-qemu guestfs
> drwxrwsr-x dagomez libvirt-qemu debian13
> -rw-rw-r-- dagomez libvirt-qemu extra0.raw
> 
> libvirt permission error:
> 
> make bringup
> {...}
> .//scripts/bringup_guestfs.sh
> User dagomez is part of the libvirt-qemu group.
> [   0.0] Examining the guest ...
> {...}
> [   5.1] SELinux relabelling
> [   5.1] Performing "lvm-uuids" ...
> Formatting '/var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw',
> fmt=raw size=107374182400
> Formatting '/var/lib/libvirt/images/kdevops/guestfs/debian13/extra1.raw',
> fmt=raw size=107374182400
> Formatting '/var/lib/libvirt/images/kdevops/guestfs/debian13/extra2.raw',
> fmt=raw size=107374182400
> Formatting '/var/lib/libvirt/images/kdevops/guestfs/debian13/extra3.raw',
> fmt=raw size=107374182400
> Domain 'debian13' defined from .//guestfs/debian13/debian13.xml
> 
> error: Failed to start domain 'debian13'
> error: internal error: QEMU unexpectedly closed the monitor
> (vm='debian13'): 2025-04-23T14:17:23.707308Z qemu-system-x86_64: -device
> virtio-blk-pci,drive=drv0,id=virtio-drv0,serial=kdevops0,bus=
> pcie-port-for-virtio-0,addr=0x0,iothread=kdevops-virtio-iothread-0,
> logical_block_size=512,physical_block_size=512: Could not open
> '/var/lib/libvirt/images/kdevops/guestfs/debian13/extra0.raw':
> Permission denied
> 
> Failed to start debian13
> make: *** [scripts/guestfs.Makefile:80: bringup_guestfs] Error 1
> 
> Signed-off-by: Daniel Gomez <da.gomez@samsung.com>

Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>

  Luis

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2025-04-23 19:51 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2025-04-23 19:34 [PATCH] bringup_guestfs: fix group permissions for disks Daniel Gomez
2025-04-23 19:51 ` Luis Chamberlain

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox