search

foxlet / macOS-Simple-KVM

Tools to set up a quick macOS VM in QEMU, accelerated by KVM.
13.61k stars 1.14k forks source link

Permission Denied when trying to start using virt-manager (Arch) #45

Open badmark opened 5 years ago

badmark commented 5 years ago

Runs fine when I just run basic.sh, but when I try to start it in virt-manager I get the following error:

Error starting domain: Cannot access storage file '~/macOS-Simple-KVM/ESP.qcow2' (as uid:65534, gid:992): Permission denied

aspicer commented 5 years ago

Yes this was a little bit of a pain.

You need to make sure the file is accessible to your qemu user (might have a different name based on your setup) from the root of your filesystem.

Lots of ways to do this - easiest is to move it out of your home directory to something higher up and set permissions.

badmark commented 5 years ago

What permissions do I give it? I chmod 755/777 and chown'd to myself but still get this error.

aspicer commented 5 years ago

Try ugo+rx. Test that the qemu user can access the file with: sudo -u qemu file /path/to/file

polynomialspace commented 5 years ago

If you're using SELinux or Apparmor it may be blocking access. Spent an hour trying to figure out why I was getting permission errors on the firmware files before realizing this.

adrianlshaw commented 5 years ago

Another possible option is to modify the make script so that the disk image(s) get copied to Libvirt's default location (e.g. /var/lib/libvirt/images/). This might save a lot of time messing with the system policy or doing something bad (like disabling SELinux).

jessechahal commented 5 years ago

@badmark ever git this resolved? Can you post what solution you used? I have heard of one possible solution of adding your own user to a virtmanager group of some sort although I'm still investigating. It wasn't a solution to this specific problem but supposedly helped reduce permission issues

GiorgioGhisotti commented 5 years ago

@jessechahal I had the same problem and solved it by copying the folder over to /var/lib/libvirt/images like @adrianlshaw suggested.

It may have something to do with ownership but simply changing ownership to root just gave me permission problems for other files. Copying it to the images folder is the easiest solution as far as I can tell.

badmark commented 5 years ago

The entire folder? I moved the image then got firmware errors.

GiorgioGhisotti commented 5 years ago

Yes, the entire folder. Also you need to checkout the correct firmware, there's another issue that describes that https://github.com/foxlet/macOS-Simple-KVM/issues/15

PierrickV commented 4 years ago

Hello,

I had the same issue that I managed to solve.

My notes on this (Ubuntu 19.10) :

sudo chown libvirt-qemu: /var/lib/libvirt/images/BaseSystem.img
sudo chown libvirt-qemu: /var/lib/libvirt/images/macosdisk.qcow2
sudo ls -lah /var/lib/libvirt/images/
total 49G
drwx--x--x 2 root         root 4,0K déc.   7 15:02 .
drwxr-xr-x 7 root         root 4,0K déc.   9 14:09 ..
-rw-r--r-- 1 libvirt-qemu kvm  2,0G déc.   9 14:26 BaseSystem.img
-rw------- 1 libvirt-qemu kvm   47G déc.   9 14:43 macosdisk.qcow2
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/opt/macOS-Simple-KVM/ESP.qcow2'/>
      <target dev='sda' bus='sata'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/macosdisk.qcow2'/>
      <target dev='sdb' bus='sata'/>
      <address type='drive' controller='0' bus='0' target='0' unit='1'/>
    </disk>
    <disk type='file' device='disk'>
      <driver name='qemu' type='raw'/>
        <source file='/var/lib/libvirt/images/BaseSystem.img'/>
      <target dev='sdc' bus='sata'/>
      <address type='drive' controller='0' bus='0' target='0' unit='2'/>
    </disk>
sudo -u libvirt-qemu file /var/lib/libvirt/images/macosdisk.qcow2 \
 /var/lib/libvirt/images/BaseSystem.img \
 /opt/macOS-Simple-KVM/firmware/OVMF_CODE.fd  \
/opt/macOS-Simple-KVM/firmware/OVMF_VARS-1024x768.fd

/var/lib/libvirt/images/macosdisk.qcow2:              QEMU QCOW2 Image (v3), 68719476736 bytes
/var/lib/libvirt/images/BaseSystem.img:               DOS/MBR boot sector; partition 1 : ID=0xee, start-CHS (0x3ff,254,63), end-CHS (0x3ff,254,63), startsector 1, 4187063 sectors, extended partition table (last)
/opt/macOS-Simple-KVM/firmware/OVMF_CODE.fd:          data
/opt/macOS-Simple-KVM/firmware/OVMF_VARS-1024x768.fd: data

Thanks for this project @foxlet

mikekenyon99 commented 4 years ago

I'm getting the error:

cannot open '/opt/macOS-Simple-KVM/firmware/OVMF_CODE.fd'
cannot open 'cannot open `/opt/macOS-Simple-KVM/firmware/OVMF_VARS-1024x768.fd'

when I use the sudo -u command as described in your last post?? Permissions are: Screenshot from 2020-03-05 22-18-06

PierrickV commented 4 years ago

@mikekenyon99 In the first command sudo -u : you are looking at a file in /opt/ but in the second one ls -lt you are in /home/.

I don't think that libvirt-qemu is allowed to access /home/, that's why I recommend you to use /opt/.

Try:

mv ~/Documents/Linux/MacOS-Simple-KVM-master/ /opt/macOS-Simple-KVM

Then verify again with:

sudo -u libvirt-qemu file /var/lib/libvirt/images/macosdisk.qcow2 \
 /var/lib/libvirt/images/BaseSystem.img \
 /opt/macOS-Simple-KVM/firmware/OVMF_CODE.fd  \
/opt/macOS-Simple-KVM/firmware/OVMF_VARS-1024x768.fd
mikekenyon99 commented 4 years ago

doh! sorry.

Mike

gtomadness commented 4 years ago

Hey guys I have figured it out, whether it is security sound or not but what i did was add 65543 to ownership of my file path were it said it could not get past. My file path was /run/media/marvin/macOS/macOS-kvm so it was denied after media so I did a chown 65543 marvin and then it worked again. Since i have it on an external drive i didnt want to put the file in my var/lib/libvirt/images path.

mrweiner commented 3 years ago

This fixed the issue for me on a mounted drive https://github.com/jedi4ever/veewee/issues/996#issuecomment-375931044. Basically, libvert needs access to the mounted disk (or the local directory) containing the qcow file.

sudo setfacl -m u:libvirt-qemu:rx /path/to/parent/dir -- in my case sudo setfacl -m u:libvirt-qemu:rx /mnt/8507e619-7551-4395-9332-7f39f93147f2

chaseadam commented 3 years ago

My file path was /run/media/marvin/macOS/macOS-kvm so it was denied after media so I did a chown 65543 marvin and then it worked again.

I ran into this error when attempting to use a mount managed by Gnome, which puts it under /run/media/<username>. On Fedora 33 this directory has an ACL mask on it which I believe is problematic. I moved the mount to /mnt via fstab file and it is working for me now. (I had previously set root ownership and SELinux contexts)

sudo semanage fcontext -a -t virt_image_t <directory>
sudo restorecon -Rv <directory>
cgvirus commented 3 years ago

I did this:

sudo adduser `id -un` libvirtd
sudo adduser `id -un` kvm
sudo adduser `id -un` libvirt-qemu
sudo adduser `id -un` libvirt-dnsmasq

Then in terminal (only once): sudo virt-manager

now add storage: MyDisk.qcow2

It will ask to fix permission. Say yes.

Now close virt-manager. And start as user without sudo.

DoniiYT commented 3 years ago

hi there! i have the same problem and i actually dont know how to fix it... i am a noob in Linux and maybe i made something wrong and its easy to fix, could pls someone help me?

Discord DONIIyt #6941

hockeymikey commented 2 years ago

I fixed this by running virt manager as root too, then importing the disk in question into a new VM where is offered to fixed the permisions, then I said yes and then I cancelled the new vm creation. Not sure what it modified, there is a "+" next to those directories in question but it's fixed.

Wotan6891 commented 2 years ago

hello. change the macOS-Simple-KVM folder to my personal folder. but I'm still having problems. now I have this error: Error starting domain: operation failed: unable to find any master var store for loader: /root/macOS-Simple-KVM/firmware/OVMF_CODE.fd

Wotan6891 commented 2 years ago

already solved. change the paths of the files using xml in the virtual machine manager.

but now it runs and i see the macos installer again

kdevg0 commented 1 year ago

already solved. change the paths of the files using xml in the virtual machine manager.

but now it runs and i see the macos installer again

Ah, thank you. Your post here solved my issue.

lepras commented 1 year ago

SE linux / App Armour issues.

move OVMF_CODE.fd to /var/lib/libvirt

and change in xml.