As I was asked to verify behavior on non-xattr systems as well, I used one
mounted like:
/dev/nvme0n1p3 on /var/lib/uvtool/libvirt/images type ext4 (rw,relatime,nouser_xattr)
We see that even that isn't a showstopper as it is user_attrs and libvirtd runs
as root.
# getfattr -d -m . /var/lib/uvtool/libvirt/images/focal.qcow
getfattr: Removing leading '/' from absolute path names
# file: var/lib/uvtool/libvirt/images/focal.qcow
trusted.libvirt.security.dac="+0:+100"
trusted.libvirt.security.ref_dac="1"
trusted.libvirt.security.timestamp_dac="1593600755"
I also used an ext2, which might support fewer attributes:
/dev/nvme0n1p3 on /var/lib/uvtool/libvirt/images type ext2 (rw,relatime,nouser_xattr)
But that still can store the xattr.
We don't build kernels without xattr to force it that way.
So finally I took a FS that can't do ownerships well in general.
/dev/nvme0n1p3 on /var/lib/uvtool/libvirt/images type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
But that isn't able to be used (permission errors) if not at the right group
right away:
-rwxr-xr-x 1 root root 245104640 Jul 16 11:11 /var/lib/uvtool/libvirt/images/focal.qcow*
root@node-horsea:~# virsh start focal
error: Failed to start domain focal
error: internal error: process exited while connecting to monitor: 2020-07-16T11:48:55.976986Z qemu-system-x86_64: -blockdev {"node-name":"libvirt-2-format","read-only":false,"driver":"qcow2","file":"libvirt-2-storage","backing":"libvirt-3-format"}: Could not reopen file: Permission denied
id libvirt-qemu
uid=64055(libvirt-qemu) gid=115(kvm) groups=115(kvm),117(libvirt),64055(libvirt-qemu)
Mounted as the required user we can use it, and it is not changing IDs in any
way (while running on a non-xattr FS):
/dev/nvme0n1p3 on /var/lib/uvtool/libvirt/images type vfat (rw,relatime,uid=64055,gid=115,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro)
root@node-horsea:~# ll /var/lib/uvtool/libvirt/images/focal.qcow
-rwxr-xr-x 1 libvirt-qemu kvm 245104640 Jul 16 11:11 /var/lib/uvtool/libvirt/images/focal.qcow*
root@node-horsea:~# virsh start focal
Domain focal started
root@node-horsea:~# ll /var/lib/uvtool/libvirt/images/focal.qcow
-rwxr-xr-x 1 libvirt-qemu kvm 245104640 Jul 16 11:51 /var/lib/uvtool/libvirt/images/focal.qcow*
root@node-horsea:~# virsh shutdown focal
Domain focal is being shutdown
root@node-horsea:~# ll /var/lib/uvtool/libvirt/images/focal.qcow
-rwxr-xr-x 1 libvirt-qemu kvm 246546432 Jul 16 11:52 /var/lib/uvtool/libvirt/images/focal.qcow*
I think that covers all combinations that come to mind, excluding those only
available in non-Ubuntu kernels.
** Tags removed: verification-needed verification-needed-focal
** Tags added: verification-done verification-done-focal
https://bugs.launchpad.net/bugs/691590
Title:
libvirt restore exactly the old ownership of images
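
Added example (not part of the original report and not libvirt's own code): a small parser for the `getfattr -d` dump quoted in the comment above, useful when auditing which image files carry libvirt's remembered-ownership records. It assumes the `+uid:+gid` form seen in the report means numeric IDs and treats the timestamp value only as a Unix time; the function names are hypothetical and the sample text is constructed from the output shown above.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the getfattr dump quoted in the report above.
SAMPLE = """\
# file: var/lib/uvtool/libvirt/images/focal.qcow
trusted.libvirt.security.dac="+0:+100"
trusted.libvirt.security.ref_dac="1"
trusted.libvirt.security.timestamp_dac="1593600755"
"""

# Attribute name: optional "ref_"/"timestamp_" prefix, then the security model (e.g. dac).
ATTR = re.compile(r'^trusted\.libvirt\.security\.(?:(ref|timestamp)_)?(\w+)="(.*)"$')


def parse_remembered(dump):
    """Map each '# file:' path to {model: {'label': str, 'ref': int, 'timestamp': int}}."""
    records, path = {}, None
    for line in (raw.strip() for raw in dump.splitlines()):
        if line.startswith("# file: "):
            path = line[len("# file: "):]
            records[path] = {}
            continue
        match = ATTR.match(line)
        if match and path is not None:
            kind, model, value = match.groups()
            entry = records[path].setdefault(model, {})
            entry[kind or "label"] = int(value) if kind else value
    return records


def dac_owner(label):
    """Decode a DAC label like '+0:+100' into numeric (uid, gid)."""
    uid, gid = label.split(":")
    if not (uid.startswith("+") and gid.startswith("+")):
        raise ValueError(f"expected numeric '+uid:+gid' label, got {label!r}")
    return int(uid[1:]), int(gid[1:])


def incomplete(records):
    """List (path, model) pairs lacking a label or a reference count of at least 1."""
    return [(path, model) for path, models in records.items()
            for model, e in models.items()
            if "label" not in e or e.get("ref", 0) < 1]


if __name__ == "__main__":
    for path, models in parse_remembered(SAMPLE).items():
        stamp = datetime.fromtimestamp(models["dac"]["timestamp"], tz=timezone.utc)
        print(path, dac_owner(models["dac"]["label"]), models["dac"]["ref"], stamp.isoformat())
```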