76f3b2988b
This problem is reproducible only with secret driver. When starting a domain via virt-qemu-run and both secret and (nonexistent) root directory specified this is what happens: 1) virt-qemu-run opens "secret:///embed?root=$rootdir" connection, which results in the secret driver initialization (done in secretStateInitialize()). During this process, the driver creates its own configDir (derived from $rootdir) including those parents which don't exists yet. This is all done with the mode S_IRWXU and thus results in the $rootdir being created with very restrictive mode (specifically, +x is missing for group and others). 2) now, virt-qemu-run opens "qemu:///embed?root=$rootdir" and calls virDomainCreateXML(). This results in the master-key.aes being written somewhere under the $rootdir and telling qemu where to find it. But because the secret driver created $rootdir with too restrictive mode, qemu can't access the file (even though it knows the full path) and fails to start. It looks like the best solution is to pre-create the root directory before opening any connection (letting any driver initialize itself) and set its mode to something less restrictive. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1859873 Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Libvirt API for virtualization
Libvirt provides a portable, long term stable C API for managing the virtualization technologies provided by many operating systems. It includes support for QEMU, KVM, Xen, LXC, bhyve, Virtuozzo, VMware vCenter and ESX, VMware Desktop, Hyper-V, VirtualBox and the POWER Hypervisor.
For some of these hypervisors, it provides a stateful management daemon which runs on the virtualization host allowing access to the API both by non-privileged local users and remote users.
Layered packages provide bindings of the libvirt C API into other languages including Python, Perl, PHP, Go, Java, OCaml, as well as mappings into object systems such as GObject, CIM and SNMP.
Further information about the libvirt project can be found on the website:
License
The libvirt C API is distributed under the terms of GNU Lesser General Public License, version 2.1 (or later). Some parts of the code that are not part of the C library may have the more restrictive GNU General Public License, version 2.0 (or later). See the files COPYING.LESSER and COPYING for full license terms & conditions.
Installation
Instructions on building and installing libvirt can be found on the website:
https://libvirt.org/compiling.html
Contributing
The libvirt project welcomes contributions in many ways. For most components the best way to contribute is to send patches to the primary development mailing list. Further guidance on this can be found on the website:
https://libvirt.org/contribute.html
Contact
The libvirt project has two primary mailing lists:
- libvirt-users@redhat.com (for user discussions)
- libvir-list@redhat.com (for development only)
Further details on contacting the project are available on the website: