Permissions managing iso's with virsh vs libosinfo

Cameron Showalter cameronsplaze222 at gmail.com
Fri Jun 9 23:18:41 UTC 2023 

Quick update,

I was able to get permissions fixed by using libvirt + xml to define the
volumes instead, this lets me set the uid:gid for the volumes. Since my
user is a part of the libvirt group anyways, I think it is just as secure?


On Fri, Jun 9, 2023 at 12:20 PM Cameron Showalter <
cameronsplaze222 at gmail.com> wrote:

> Hi all,
>
> I'm stuck trying to figure out how to manage iso's in libvirt. It seems
> like all `virsh --connect qemu:///system` commands work correctly, but
> `virt-install --connect qemu:///system --osinfo detect=on,require=on` will
> use libosinfo, which can't read volumes owned by root.
>
> ```
> (osdict:119) Error creating libosinfo media object: g-io-error-quark:
> Failed to open file: Error opening file
> /var/lib/libvirt/test/Win10_22H2_English_x64.iso: Permission denied (14)
> # (Then the last line the output later on):
> ERROR (cli:257) --os-variant/--osinfo OS name is required, but no value
> was set or detected.
> ```
>
> The iso is a libvirt volume, created with `virsh --connect qemu:///system
> vol-create-as` to be the same size as the iso, then data uploaded to it
> with `virsh --connect qemu:///system vol-upload`. I read somewhere this was
> the recommended way since it lets libvirt handle the permissions.
>
> I also saw after that the pool xml supports setting a owner/group ID, so I
> tried creating a new pool with those set to my user (1000:1000), and
> uploaded a volume to that. When I tried `ls -halt <pool>`, it showed the
> volume itself is still owned by root so I still hit the same error. There's
> no command in virsh I saw either to upload and respect the pool's
> permissions.
>
> Do you know if I'm on the right track at least? Is there a better way to
> manage iso and/or permissions? I'm writing a library, so I don't want it to
> jump to root for chown/chmod the isos after uploading or anything similar.
> (Which is why I was really hopeful with pools supporting uid:gid's, you
> don't need sudo to set it in the xml). My user is added to the libvirt
> group.
>
> Thanks for your time!
> Cameron
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/virt-tools-list/attachments/20230609/f8c235db/attachment.htm>

More information about the virt-tools-list mailing list