Hi,

I have modified librbd to access some data from a client local drive. I have tested it with FIO + librbd and it works fine when fio is launched as root (as it is supposed to).
The problem is that when I try this with qemu-kvm I see in the logs that open fails with "Operation not permitted". I've changed /etc/libvirt/qemu.conf so qemu starts as user/group "root" and disabled the capabilities drop (clear_emulator_capabilities = 0). The result is:

    ps aux | grep qemu
    root 149981 7.4 0.5 10629632 691688 ? Sl 17:57 0:30 /usr/libexec/qemu-kvm -name TestVM,process=qemu:TestVM -S -machine pc-i440fx-rhel7.0.0,accel=kvm,usb=off -cpu S...

    cat /proc/149981/status | grep Cap
    CapInh: 0000000000000000
    CapPrm: 0000001fffffffff
    CapEff: 0000001fffffffff
    CapBnd: 0000001fffffffff

    capsh --decode=0000001fffffffff
    0x0000001fffffffff=cap_chown,cap_dac_override,cap_dac_read_search,cap_fowner,cap_fsetid,cap_kill,cap_setgid,cap_setuid,cap_setpcap,cap_linux_immutable,cap_net_bind_service,cap_net_broadcast,cap_net_admin,cap_net_raw,cap_ipc_lock,cap_ipc_owner,cap_sys_module,cap_sys_rawio,cap_sys_chroot,cap_sys_ptrace,cap_sys_pacct,cap_sys_admin,cap_sys_boot,cap_sys_nice,cap_sys_resource,cap_sys_time,cap_sys_tty_config,cap_mknod,cap_lease,cap_audit_write,cap_audit_control,cap_setfcap,cap_mac_override,cap_mac_admin,cap_syslog,35,36

    scap -a | grep 149981
    1 149981 root qemu:TestVM full

But still no luck. I added additional opens for regular files and they are OK. I can open a file owned by non-root as well as a root-owned one. However, I still cannot open the block device:

    2015-07-17 17:57:10.166489 7fe6bd068ac0 20 open /dev/nvme0n1. Error = Operation not permitted.

It simply fails even if I chmod a+rw the block device. Again, if I launch fio (as root), which uses the same library, the capabilities are the same and everything works well.

Right now I have no idea what is going on. There is no info in syslog. Can somebody suggest what I should try next?

Thanks,
maciej