LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Virtualization and Cloud
User Name
Password
Linux - Virtualization and Cloud This forum is for the discussion of all topics relating to Linux Virtualization and Linux Cloud platforms. Xen, KVM, OpenVZ, VirtualBox, VMware, Linux-VServer and all other Linux Virtualization platforms are welcome. OpenStack, CloudStack, ownCloud, Cloud Foundry, Eucalyptus, Nimbus, OpenNebula and all other Linux Cloud platforms are welcome. Note that questions relating solely to non-Linux OS's should be asked in the General forum.

Notices


Reply
  Search this Thread
Old 06-20-2016, 11:09 AM   #1
AnEmptyCup
LQ Newbie
 
Registered: Jun 2016
Posts: 2

Rep: Reputation: Disabled
Permission denied for qemu, studying for RHCSA


Good morning everyone,
Long time lurker finally needs help! I am studying for my RHCSA AND right off the bat I have an issue that is frustrating me.

From Michael Jangs RHCSA/RHCE study guide, he recommends using the users Home directory for storing the VM images.
Due to my / being only a 50 GB partition and my lab will need to support 4 VMs, I followed the advice suggested by Jang to create a new directory in my users home, /home/adrian/images.

Hopefully, someone can help me thru this. I don't know what to do other than probably 777 the images directory =\

After clicking Finish for the new VM config, an error is presented about permissions for qemu being denied. So, I chown -R qemu:qemu on /home/adrian/images and yet I still get this error:

Unable to complete install: 'Cannot access storage file '/var/lib/libvirt/images/arch.example.com.qcow2' (as uid:107, gid:107): Permission denied'

Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/create.py", line 1873, in do_install
guest.start_install(meter=meter)
File "/usr/share/virt-manager/virtinst/guest.py", line 417, in start_install
noboot)
File "/usr/share/virt-manager/virtinst/guest.py", line 481, in _create_guest
dom = self.conn.createLinux(start_xml or final_xml, 0)
File "/usr/lib64/python2.7/site-packages/libvirt.py", line 3585, in createLinux
if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: Cannot access storage file '/var/lib/libvirt/images/arch.example.com.qcow2' (as uid:107, gid:107): Permission denied




Example command provided in Jang book

mkdir /home/adrian/images

su - root

semanage fcontext -a -t virt_image_t '/home/adrian/images(/.*)?'

restorecon /home/adrian/images

rmdir /var/lib/libvirt/images

ln -s /home/adrian/images /var/lib/libvirt/images

Here's what images permissions are

drwxr-xr-x. 2 qemu qemu 42 Jun 20 07:48 images


Thanks
 
Old 06-20-2016, 12:24 PM   #2
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,735

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Possible problem with the /home/adrian directory permissions. Not sure though (I would have expected it to be /home/images rather than in a subdirectory, but I haven't had to move where the images were as usually I do a partition passthrough instead, and use a full partition for root rather than a virtual disk).
 
1 members found this post helpful.
Old 06-20-2016, 01:52 PM   #3
AnEmptyCup
LQ Newbie
 
Registered: Jun 2016
Posts: 2

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by jpollard View Post
Possible problem with the /home/adrian directory permissions. Not sure though (I would have expected it to be /home/images rather than in a subdirectory, but I haven't had to move where the images were as usually I do a partition passthrough instead, and use a full partition for root rather than a virtual disk).
jpollard,

Thank you so damn much!It worked! I was too focused on trying to make the book example work that I didn't think to just make a directory in /home.

I really wish my first post here had been something a BIT more complicated. Welp, back to my studying!

Have a great day!
 
1 members found this post helpful.
Old 07-16-2018, 05:58 AM   #4
KarolDworak
LQ Newbie
 
Registered: Jun 2018
Posts: 27

Rep: Reputation: Disabled
Jpollard, I need to know why this was the solution. Why was a dir created off of /home/ default to the correct permissions but one made off of /home/user/ cause an error?
 
Old 07-16-2018, 03:55 PM   #5
KarolDworak
LQ Newbie
 
Registered: Jun 2018
Posts: 27

Rep: Reputation: Disabled
Bump bump
 
Old 07-17-2018, 04:57 AM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,735

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Quote:
Originally Posted by KarolDworak View Post
Jpollard, I need to know why this was the solution. Why was a dir created off of /home/ default to the correct permissions but one made off of /home/user/ cause an error?
Just saw it this morning, sorry for the delay.

/home is owned by root, and with a root controlled SELinux type.

The directory /home has SELinux type: home_root_t. A users home directory is user_home_dir_t.

This blocks the access to virt_image_t, as it is considered a security weakness where users home directory can be used to subvert the virtual machine security.
 
1 members found this post helpful.
Old 07-17-2018, 05:04 AM   #7
KarolDworak
LQ Newbie
 
Registered: Jun 2018
Posts: 27

Rep: Reputation: Disabled
Thumbs up

Jpollard I am very thankful for the quick reply.
 
Old 07-17-2018, 06:14 AM   #8
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,735

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
No problem. I had run across a similar situation in making backups... I've been using /home/sys to do that, but had to make the labels correctly (easier as it was only one level down, rather than two).
 
Old 07-17-2018, 08:40 AM   #9
KarolDworak
LQ Newbie
 
Registered: Jun 2018
Posts: 27

Rep: Reputation: Disabled
So because my dir /home/user/KVM was a child dir to /home/user/ it didnt matter that we set the proper SELinux context on the KVM dir, qemu could not get thru the user dir to reach KVM is that correct? If that's the case, could I do chown root.root /home/user and give user dir the home_root_t context?
 
Old 07-18-2018, 04:10 AM   #10
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,735

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
I think so.

You do have to realize the owner of the directory will then be able to tinker with the images.

It is POSSIBLE, this would block the /home/user from accessing his own files though. I haven't tried that one.
 
Old 07-18-2018, 06:05 AM   #11
KarolDworak
LQ Newbie
 
Registered: Jun 2018
Posts: 27

Rep: Reputation: Disabled
I set /home/user to root.root and tried to create a VM install with both virt_image_t and root_home_t as the context for the user dir, none of those options had the desired effect. And user was unable to access his own files. Thanks again 👍
 
Old 07-19-2018, 04:10 AM   #12
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,735

Rep: Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295Reputation: 1295
Quote:
Originally Posted by KarolDworak View Post
I set /home/user to root.root and tried to create a VM install with both virt_image_t and root_home_t as the context for the user dir, none of those options had the desired effect. And user was unable to access his own files. Thanks again 👍
Thanks for testing.
 
1 members found this post helpful.
Old 07-19-2018, 04:44 PM   #13
KarolDworak
LQ Newbie
 
Registered: Jun 2018
Posts: 27

Rep: Reputation: Disabled
Do not shut down without reverting user dir to default ownership and permissions or you will encounter a login loop.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
studying for rhcsa - help with logical volume theory and extending lv size required and1_hotsauce Linux - Newbie 2 04-24-2016 08:04 AM
[SOLVED] Unable to start Qemu: Permission denied Pinonoir Slackware 27 06-07-2014 05:43 PM
[SOLVED] Slackware64 14.0 and aqemu/qemu: KVM module: permission denied Totoro-kun Slackware 1 10-01-2012 05:41 AM
make execvp : /home/taowuwen/openmoko/qemu-neo1973/texi2pod.pl: permission denied twwwater Ubuntu 0 01-07-2009 11:55 AM
'permission denied" inspite of right permission flags on network drive anirudhvij Linux - Enterprise 8 05-22-2007 05:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Virtualization and Cloud

All times are GMT -5. The time now is 11:12 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration