Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-37519

Permission denied if passing a RW fd but setting the disk RO in vm xml.

XMLWordPrintable

    • Yes
    • None
    • Regression
    • sst_virtualization_storage
    • ssg_virtualization
    • 3
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      Pass a RW fd to vm, but set the disk to RO in vm xml, qemu reports "permission denied" when starts vm or hotplug disk.

      Please provide the package NVR for which bug is seen:

      libvirt-10.3.0-1.el9.x86_64
      qemu-kvm-9.0.0-1.el9.x86_64

      How reproducible:

      100%

      Steps to reproduce

      1. Start a vm
      2. Create a disk image, and open a RW fd
      [root@dell-per740-78 ~]# qemu-img create -f raw /var/lib/libvirt/images/cdrom1.raw 100M
Formatting '/var/lib/libvirt/images/cdrom1.raw', fmt=raw size=104857600

[root@dell-per740-78 ~]# ll -Z /var/lib/libvirt/images/cdrom1.raw
-rw-r--r--. 1 root root unconfined_u:object_r:virt_image_t:s0 104857600 May 20 23:02 /var/lib/libvirt/images/cdrom1.raw

[root@dell-per740-78 ~]# exec 10<>/var/lib/libvirt/images/cdrom1.raw
      1. Associate the fd with vm, and try to attach the image to vm as readonly disk
      [root@dell-per740-78 ~]# cat fd.xml 
<disk type="file" device="disk">
  <driver name="qemu" type="raw"/>
  <source file="/var/lib/libvirt/images/cdrom1.raw" fdgroup="fg1"/>
  <backingStore/>
  <readonly/>
  <target dev="vde" bus="virtio"/>
</disk>

[root@dell-per740-78 ~]# virsh 
Welcome to virsh, the virtualization interactive terminal.
Type:  'help' for help with commands
       'quit' to quit
virsh # dom-fd-associate rhel9.5 fg1 10 --seclabel-writable 
virsh # attach-device rhel9.5 fd.xml 
error: Failed to attach device from fd.xml
error: internal error: unable to execute QEMU command 'blockdev-add': Could not dup FD for /dev/fdset/60 flags 0: Permission denied
 
[root@dell-per740-78 ~]# ll -Z /var/lib/libvirt/images/cdrom1.raw
-rw-r--r--. 1 root root unconfined_u:object_r:virt_image_t:s0 104857600 May 20 23:03 /var/lib/libvirt/images/cdrom1.raw

      Expected results

      No "permission denied" error, disk can be attached to vm

      Actual results

      "permission denied" error when trying to start vm or hotplug the disk.
       

      Additional info

      1. If I pass a RO fd to vm, the disk can be attached to vm successfully.
      # exec 11</var/lib/libvirt/images/cdrom1.raw

# virsh
virsh # dom-fd-associate rhel9.5 fg1 11
virsh # attach-device rhel9.5 fd.xml 
Device attached successfully

# ll -Z /var/lib/libvirt/images/cdrom1.raw
-rw-r--r--. 1 root root system_u:object_r:virt_content_t:s0 104857600 May 20 23:03 /var/lib/libvirt/images/cdrom1.raw
      1. This issue can not be reproduced on RHEL9.4
        libvirt-10.0.0-6.3.el9_4.x86_64
        qemu-kvm-8.2.0-11.el9_4.2.x86_64

        1. log.tar.xz
          17 kB

              pkrempa@redhat.com Peter Krempa
              rhn-support-fjin Fangge Jin
              Peter Krempa Peter Krempa
              Fangge Jin Fangge Jin
              Votes:
              1 Vote for this issue
              Watchers:
              12 Start watching this issue

                Created:
                Updated: