[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Strange permissions issue with virt-install + UEFI

On 5/13/2022 6:53 PM, David wrote:
On Sat, 14 May 2022 at 10:57, Matt Ventura <mattventura@mattventura.net> wrote:

On one box (Debian 11.3), my virt-install script works fine:
virt-install [...]
However, on another box, the same command (minus the final --network option) gives me this:
Could not open '/var/lib/libvirt/qemu/nvram/openwisp_VARS.fd': Permission denied
Any ideas?
You don't mention which user is running the 'virt-install' commands.
I suggest to think about that.

https://wiki.debian.org/KVM says:
   In order to manage virtual machines as a regular user, that user
needs to be added to the libvirt group:
   # adduser <youruser> libvirt

On both machines, check that the user (who is running the virt-install
command) is a member of group=libvirt.

Run: groups | grep libvirt

I'm not sure if this is the answer, but it is the first thing I would check.
Also, test if that user can read the file openwisp_VARS.fd via its
full path.

On the broken machine, it fails even if I run it as root. Root isn't a member of libvirt on either machine, but root is root, so it shouldn't be getting permission denied either way. Perhaps the file is being created as libvirt-qemu, but the plain old libvirt user needs to access it too? That's the only thing I can think of, since root ignores permissions anyway.

I did try to `su` into the libvirt-qemu user, and the path was reachable via the full absolute path. I could create, modify, read, and delete files in that dir.

Some searching pointed to it being an AppArmor problem, but AA is enabled on both.

Matt Ventura

Reply to: