abbbi / virtnbdbackup

Backup utility for Libvirt / qemu / kvm supporting incremental and differential backups + instant recovery (agentless).
http://libvirtbackup.grinser.de/
GNU General Public License v3.0

"Permission denied" in Debian 11 without apparmor (opennebula) #42

Closed gesielbernardes closed 2 years ago

gesielbernardes commented 2 years ago

Hi,

I tried using it on Debian 11, where AppArmor was removed. I get this error:

```
libvirt.libvirtError:internal error: could not execute command QEMU "blockdev-add": Could not open '/var/tmp/backup.EAWMR.vda': Permission denied
```

I saw this error in #7, but in this case, AppArmor is not present. Any idea?

abbbi commented 2 years ago

Seems libvirt is unable to create the scratch file required during backup due to permission errors. Try passing another path using the --scratchdir option. Check your /var/log/audit.log, maybe SELinux. Haven't seen this happen without apparmor, so it must either be a configuration or libvirt issue.

abbbi commented 2 years ago

Check the logfiles in /var/log/libvirt/qemu/ too, the scratch file is created by the qemu process. Maybe your qemu process does not have write access to /var/tmp/.

gesielbernardes commented 2 years ago

Hi, I'm still having the same problem :-(

Below are more details about this error:

=> /var/log/syslog:

```
May 10 11:30:01 tcnvh12 libvirtd[28853]: libvirt version: 7.0.0, package: 3 (Andrea Bolognani eof@kiyuko.org Fri, 26 Feb 2021 16:46:34 +0100)
May 10 11:30:01 tcnvh12 libvirtd[28853]: hostname: tcnvh12
May 10 11:30:01 tcnvh12 libvirtd[28853]: Domain id=3 name='one-8' uuid=0c214241-042c-4c05-a24c-0d717cd825b9 is tainted: custom-hypervisor-feature
May 10 11:30:01 tcnvh12 systemd[1]: Started Virtual Machine qemu-3-one-8.
May 10 11:30:05 tcnvh12 kernel: [ 6377.737274] kvm [29137]: vcpu0, guest rIP: 0xffffffff8fc6b2b4 disabled perfctr wrmsr: 0xc2 data 0xffff
May 10 11:30:44 tcnvh12 libvirtd[28853]: internal error: unable to execute QEMU "blockdev-add": Could not open '/var/tmp/backup.UWXYN.vda': Permission denied
May 10 11:30:44 tcnvh12 libvirtd[28853]: File '/var/tmp/backup.UWXYN.vda' not accessible: File or directory does not exist
May 10 11:30:44 tcnvh12 libvirtd[28853]: Unable to tear down cgroup access on /var/tmp/backup.UWXYN.vda
```

=> AppArmor disabled:

```
# cat /sys/module/apparmor/parameters/enabled
N
```

More info:

Any idea where I can look?

abbbi commented 2 years ago

Does /var/log/kern.log offer any audit related log entries? Has libvirtd been restarted after disabling apparmor? Are there still any rules existent in /etc/apparmor.d/libvirt/?

Which security driver is set in /etc/libvirt/qemu.conf?

Following logline looks strange too:

libvirtd[28853]: **Unable to tear down cgroup access on /var/tmp/backup.UWXYN.vda**

gesielbernardes commented 2 years ago

Hi @abbbi,

I found what causes the problem: some modification/configuration done by OpenNebula. I tested on Rocky Linux (CentOS 8) and had the same problem. Even when using virt-manager to create the VM, the error is the same. I will check with the OpenNebula team about any solution for this problem, and if it works, I'll post the solution here.

gesielbernardes commented 2 years ago

Hi @abbbi, me again!

I think I found a clue: the scratch file is created with "root" as owner and 600 permissions, but qemu/libvirt is running as an OpenNebula user (oneadmin). That is what generates the error.

I think that for the backup to work, the user that executes QEMU needs permission to access the scratch file, correct?

When running virtnbdbackup as "oneadmin", the scratch file is created with root as owner too. Any idea how to proceed?

gesielbernardes commented 2 years ago

Hi,

The problem is solved: set "dynamic_ownership = 1" in /etc/libvirt/qemu.conf

abbbi commented 2 years ago

> Hi,
>
> The problem is solved: set "dynamic_ownership = 1" in /etc/libvirt/qemu.conf

Thanks for the feedback. Yes, OpenNebula alters the qemu configuration.
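
The diagnosis reached in this thread, as an added example (not part of the issue and not virtnbdbackup or libvirt code): a small checker that reads the `user` and `dynamic_ownership` settings from a qemu.conf and models whether the QEMU process can open a scratch file with a given owner and mode. The sample configuration is constructed, the function names are hypothetical, and it assumes missing keys fall back to `user = root` and `dynamic_ownership = 1`, with group membership and MAC policy ignored.

```python
import re
import stat

# Constructed sample mirroring the thread: QEMU runs as an unprivileged user
# and libvirt is told not to chown the files it hands to QEMU.
SAMPLE_QEMU_CONF = '''
# /etc/libvirt/qemu.conf (constructed sample, not taken from the issue)
user = "oneadmin"
group = "oneadmin"
#security_driver = "apparmor"
dynamic_ownership = 0
'''

_LINE = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=\s*(.+?)\s*$')

def parse_qemu_conf(text):
    """Return the active (uncommented) scalar settings of a qemu.conf."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("#"):
            continue                      # commented-out default, not active
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.groups()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            settings[key] = value[1:-1]   # quoted string
        elif value.isdigit():
            settings[key] = int(value)    # numeric switch such as 0 / 1
        else:
            settings[key] = value
    return settings

def qemu_can_open(conf, file_owner, file_mode):
    """Model whether QEMU can open the scratch file read/write (DAC only)."""
    qemu_user = conf.get("user", "root")            # assumed default
    if conf.get("dynamic_ownership", 1) == 1:       # assumed default
        return True   # libvirt chowns the file to the configured user first
    if qemu_user in ("root", "0", "+0"):
        return True   # root is not restricted by the mode bits
    if qemu_user == file_owner:
        needed = stat.S_IRUSR | stat.S_IWUSR
    else:
        needed = stat.S_IROTH | stat.S_IWOTH        # group bits ignored
    return (file_mode & needed) == needed

if __name__ == "__main__":
    conf = parse_qemu_conf(SAMPLE_QEMU_CONF)
    print(conf, "-> root:0600 scratch file usable:", qemu_can_open(conf, "root", 0o600))
```

Pointing `parse_qemu_conf` at the contents of the real /etc/libvirt/qemu.conf and passing the owner and mode shown by `ls -l` on the scratch file gives the same answer for a live host.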