I keep getting the wrong permissions on created volumes when using libvirt and I’m at a loss as to how to change the behaviour! Newly created volumes have 0600 with root:root as owner; this results in qemu not being able to read/write the disk, so the VM can’t start.
Procedure for creating the problem.
Creating a new pool
# export VIRSH_DEFAULT_CONNECT_URI=qemu:///system
# mkdir /VMs/testpool
# chown qemu-libvirtd:libvirtd /VMs/testpool
# chmod 775 /VMs/testpool
# virsh pool-create-as --name testpool --type dir --target /VMs/testpool
Pool testpool created
# virsh pool-dumpxml --pool testpool
<pool type='dir'>
<name>testpool</name>
<uuid>dd3bb6a8-549b-4083-b2d6-f174ac8b0c19</uuid>
<capacity unit='bytes'>680940953600</capacity>
<allocation unit='bytes'>326689382400</allocation>
<available unit='bytes'>354251571200</available>
<source>
</source>
<target>
<path>/VMs/testpool</path>
<permissions>
<mode>0775</mode>
<owner>301</owner>
<group>67</group>
</permissions>
</target>
</pool>
# ls -lhd /VMs/testpool
drwxrwxr-x 2 qemu-libvirtd libvirtd 4.0K Oct 9 11:19 /VMs/testpool
Until now everything is afaik as it should be, but when creating a volume in the newly created pool the permissions are wrong.
Creating a new volume in the pool:
virsh # vol-create-as --pool testpool --format qcow2 testvol.qcow2 10G
Vol testvol.qcow2 created
virsh # vol-dumpxml --pool testpool testvol.qcow2
<volume type='file'>
<name>testvol.qcow2</name>
<key>/VMs/testpool/testvol.qcow2</key>
<capacity unit='bytes'>10737418240</capacity>
<allocation unit='bytes'>200704</allocation>
<physical unit='bytes'>196768</physical>
<target>
<path>/VMs/testpool/testvol.qcow2</path>
<format type='qcow2'/>
<permissions>
<mode>0600</mode>
<owner>0</owner>
<group>0</group>
</permissions>
<timestamps>
<atime>1696843414.147768773</atime>
<mtime>1696843414.145768761</mtime>
<ctime>1696843414.147768773</ctime>
<btime>0</btime>
</timestamps>
</target>
</volume>
# ls -lh /VMs/testpool
total 196K
-rw------- 1 root root 193K Oct 9 11:23 testvol.qcow2
As you can see, the new volume isn’t accessible for qemu-libvirtd:libvirtd as it should be. I can use virsh vol-delete to delete the volume, but that’s all I can do!
Please help!
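The mismatch shown in the two dumps above can be checked mechanically. This is an added example, not part of the original post and not libvirt code: it parses `pool-dumpxml` and `vol-dumpxml` output and reports whether the pool's owner and group could read and write the volume. The function names are hypothetical, the XML is trimmed from the post, and the assumption is that the account needing access is the pool directory's owner and group (301:67 here).

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the dumps from the post, trimmed to the <target> parts.
POOL_XML = """<pool type='dir'><name>testpool</name><target>
<path>/VMs/testpool</path>
<permissions><mode>0775</mode><owner>301</owner><group>67</group></permissions>
</target></pool>"""
VOL_XML = """<volume type='file'><name>testvol.qcow2</name><target>
<path>/VMs/testpool/testvol.qcow2</path>
<permissions><mode>0600</mode><owner>0</owner><group>0</group></permissions>
</target></volume>"""


def read_permissions(xml_text):
    """Return (path, mode, uid, gid) from <target> of a pool or volume dump."""
    target = ET.fromstring(xml_text).find("target")
    perms = target.find("permissions") if target is not None else None
    if perms is None:
        raise ValueError("dump has no <target>/<permissions> element")
    return (target.findtext("path").strip(),
            int(perms.findtext("mode").strip(), 8),
            int(perms.findtext("owner").strip()),
            int(perms.findtext("group").strip()))


def access_bits(mode, file_uid, file_gid, uid, gid):
    """Plain Unix mode check: owner bits, else group bits, else other bits.
    Simplification: ignores root, supplementary groups and ACLs."""
    if uid == file_uid:
        return (mode >> 6) & 0o7
    if gid == file_gid:
        return (mode >> 3) & 0o7
    return mode & 0o7


def check_volume(pool_xml, vol_xml):
    """Compare a volume against its pool; the expected account is assumed to be
    the pool directory's owner and group (301:67 in the post)."""
    _, _, want_uid, want_gid = read_permissions(pool_xml)
    path, mode, uid, gid = read_permissions(vol_xml)
    bits = access_bits(mode, uid, gid, want_uid, want_gid)
    return {"path": path, "mode": oct(mode), "owner": (uid, gid),
            "expected_owner": (want_uid, want_gid),
            "readable": bool(bits & 0o4), "writable": bool(bits & 0o2)}


if __name__ == "__main__":
    print(check_volume(POOL_XML, VOL_XML))
```

For the dumps in the post this reports the volume as neither readable nor writable by 301:67, matching the `ls -lh` output.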