[Qemu-devel] Cannot open block device from library linked to Qemu-kvm

qemu-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Qemu-devel] Cannot open block device from library linked to Qemu-kvm

From:	Patelczyk, Maciej
Subject:	[Qemu-devel] Cannot open block device from library linked to Qemu-kvm
Date:	Fri, 17 Jul 2015 16:36:30 +0000

Hi,
I have modified librbd to access for some data from a client local drive. I
have tested it with FIO + librbd and it works fine when launched fio as root
(as supposed to).

The problem is that when I try this with qemu-kvm I see in logs that open fails
since "Operation not permitted".
I've changed the /etc/libvirt/qemu.conf so qemu starts as user/group "root" and
disabled the capabilities drop (clear_emulator_capabilities = 0).
The results is that

ps aux | grep qemu
root 149981 7.4 0.5 10629632 691688 ? Sl 17:57 0:30
/usr/libexec/qemu-kvm -name TestVM,process=qemu:TestVM -S -machine
pc-i440fx-rhel7.0.0,accel=kvm,usb=off -cpu S...

cat /proc/149981/status | grep Cap
CapInh: 0000000000000000
CapPrm: 0000001fffffffff
CapEff: 0000001fffffffff
CapBnd: 0000001fffffffff

capsh --decode=0000001fffffffff
0x0000001fffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,35,36

scap -a | grep 149981
1 149981 root qemu:TestVM full

But still no luck. I add additional opens for regular files and they OK. I can
open file owned by non-root as well as root owned. However still cannot open
block device.

2015-07-17 17:57:10.166489 7fe6bd068ac0 20 open /dev/nvme0n1. Error = Operation
not permitted.

It simply fails even if I chamod a+rw to the block device.

Again, if I launch fio (as root), which uses the same library, capabilities are
the same and everything works well. Right now I have no idea what is going on.
No info in syslog.

Can somebody suggest me what I shall try next?

Thanks,
maciej

[Prev in Thread]

Current Thread

[Next in Thread]

[Qemu-devel] Cannot open block device from library linked to Qemu-kvm, Patelczyk, Maciej <=

Prev by Date: Re: [Qemu-devel] [PATCH 3/4] vhost-user: add protocol feature negotiation
Next by Date: Re: [Qemu-devel] [PATCH 0/4] vhost-user: protocol updates
Previous by thread: [Qemu-devel] [PATCH] target-arm: Fix arm_el_is_aa64() function to support EL2 and EL3
Next by thread: [Qemu-devel] [PATCH v3] raw-posix.c: Make physical devices usable in QEMU under Mac OS X host
Index(es):
- Date
- Thread