On Sat, Jul 21, 2012 at 09:43:45PM +0100, Richard W.M. Jones wrote:
> On Sat, Jul 21, 2012 at 08:20:45PM +0100, Richard W.M. Jones wrote:
> > Some questions:
>
> Another question ...
>
> > <channel type="unix">
> >   <source mode="connect" path="/home/rjones/d/libguestfs/libguestfsSSg3Kl/guestfsd.sock"/>
> >   <target type="virtio" name="org.libguestfs.channel.0"/>
> > </channel>
>
> This clause doesn't work when libguestfs/qemu runs as root. As far as
> I can tell there is a combination of three factors working against it:
>
> (1) libvirt (when run as root) runs qemu as qemu.qemu. Since this
> user didn't have write access to the socket, it fails. I fixed this
> by chowning the socket.

What libvirt URI are you using? If libguestfs is running as non-root,
then I expect you'd want to use qemu:///session. Thus all files would
be owned by the matching user ID, and I'd suggest $HOME/.libguestfs/qemu
for the directory to store the sockets in.
If libguestfs is running as root, then use qemu:///system and a socket
under /var/lib/libguestfs/qemu/

> (2) Regular Unix permissions didn't give access to my home directory
> by non-root/non-me users. Fixed those permissions. This won't be a
> problem when we're using /tmp normally, but will break tests because
> we like to set $TMPDIR.

Again, see above.

> (3) SELinux/sVirt prevents qemu connecting to this socket. This one
> is a pain. You'd think that if a socket is specified in the libvirt
> XML then sVirt should allow access to it.

You could either use the same directory that libvirt uses for the
main QEMU monitor socket, or preferably define standard directories
for libguestfs and have them added to the SELinux policy.

Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
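
A pre-flight check for points (1) and (2) in the thread above, added here as an example and not code from libguestfs or libvirt: it walks the socket path and reports which component denies access to a given uid (a stand-in for qemu.qemu). It covers mode bits only, not ACLs or the SELinux/sVirt denial in point (3); the function names and the demo layout are constructed for illustration.

```python
import os
import shutil
import socket
import tempfile

def mode_allows(st, uid, gids, want):
    """Unix DAC check; want is a bitmask of 4 (read), 2 (write), 1 (search)."""
    if uid == 0:
        return True                      # root bypasses mode bits, though not SELinux
    if st.st_uid == uid:
        shift = 6                        # owner bits
    elif st.st_gid in gids:
        shift = 3                        # group bits
    else:
        shift = 0                        # other bits
    return (st.st_mode >> shift) & want == want

def blocked_components(sock_path, uid, gids):
    """List (path, reason) for each thing that stops uid connecting to sock_path."""
    sock_path = os.path.abspath(sock_path)
    ancestors, d = [], os.path.dirname(sock_path)
    while True:                          # collect every directory up to the root
        ancestors.append(d)
        if d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    problems = [(d, "no search (x) permission")
                for d in reversed(ancestors)
                if not mode_allows(os.stat(d), uid, gids, 1)]
    # On Linux, connect() to a Unix socket needs write permission on the socket.
    if not mode_allows(os.stat(sock_path), uid, gids, 2):
        problems.append((sock_path, "no write permission on socket"))
    return problems

def demo():
    """Constructed layout: a private 0700 directory holding a 0600 socket."""
    top = tempfile.mkdtemp()             # created 0700, like a private home directory
    path = os.path.join(top, "guestfsd.sock")
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(path)
    os.chmod(path, 0o600)
    st = os.stat(top)
    other = (st.st_uid + 1, {st.st_gid + 1})  # assumed uid/gid: neither owner nor group
    before = blocked_components(path, *other)
    os.chmod(top, 0o711)                 # let other users traverse the directory
    os.chmod(path, 0o666)                # let other users connect
    after = blocked_components(path, *other)
    srv.close()
    shutil.rmtree(top)
    return top, path, before, after
```
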