[libvirt] possible 0.9.8 regression?

Jim Fehlig jfehlig at suse.com
Tue Dec 20 15:59:48 UTC 2011 

xhu wrote:
> On 12/16/2011 11:33 AM, Jim Fehlig wrote:
>> Hi All,
>>
>> I've noticed a regression in libvirt 0.9.8 on some of my kvm test machines
>>
>> # virsh start opensuse12
>> error: Failed to start domain opensuse12
>> error: Cannot open network interface control socket: Permission denied 
> For I can't reproduce it on my machine with 0.9.8, can you provide me
> the detailed steps?

Nothing special, basic domain config using file-backed disk and
connecting to a bridge.

> Also your os, libvirt, qemu-kvm and kernel version?

Yeah, it has something to do with the kernel, glibc, or other such
component.  qemu-kvm isn't the problem as the error occurs before it is
invoked.

kernel 3.1.0, glibc  2.14.1 (openSUSE12.1):
With libvirt 0.9.7, starting the domain works.  This version of libvirt
opens control socket with 'socket(AF_INET, SOCK_STREAM, 0)'.  With
libvirt 0.9.8, the domain does not start.  In this version, the control
socket is opened with 'socket(AF_PACKET, SOCK_DGRAM, 0)', which fails
with EACCES.

kernel 3.0.13, glibc 2.11.3 (SLES11 SP2):
Regression between libvirt 0.9.7 and 0.9.8 not observed.

Initially, I assumed the bug was in glibc.  But I can open packet(7)
sockets in a test program running as uid=euid=0, just not within
libvirtd running with same privileges.

Regards,
Jim



> Thanks!
>> Opening a control socket for setting MAC addr, etc. failed with EACCES. 
>> In 0.9.7, the socket was opened with domain AF_INET, type SOCK_STREAM,
>> which of course works on this system.  In 0.9.8, the socket is opened
>> with AF_PACKET, SOCK_DGRAM.  Interestingly, a small test program calling
>> 'socket(AF_PACKET, SOCK_DGRAM, 0)' works on this system.
>>
>> libvirt is built with '--without-capng --without-apparmor
>> --without-selinux' and libvirtd is running with uid=euid=0. 
>>
>> I'm really baffled why this fails in libvirtd but works otherwise.  Any
>> ideas?
>>
>> Thanks,
>> Jim
>>
>>     
>>
>>
>> --
>> libvir-list mailing list
>> libvir-list at redhat.com
>> https://www.redhat.com/mailman/listinfo/libvir-list
>

More information about the libvir-list mailing list