28.6 C
Jaipur
Sunday, August 1, 2021

[Solved] Cannot access storage file, Permission denied Error in KVM Libvirt

Must read

Today, I started my Arch Linux virtual machine using virsh start command and ended up with this error – Failed to start domain 'Archlinux_default' error: Cannot access storage file '/home/sk/.local/share/libvirt/images/Archlinux_default.img' (as uid:107, gid:107): Permission denied. It is actually a Vagrant machine created with KVM Libvirt provider.

Then, I tried again to start the VM using vagrant up command. It also displayed the same error.

 Bringing machine 'default' up with 'libvirt' provider…
 ==> default: Checking if box 'archlinux/archlinux' version '20210601.24453' is up to date…
 ==> default: Starting domain.
 There was an error talking to Libvirt. The error message is shown
 below:
 Call to virDomainCreateWithFlags failed: Cannot access storage file '/home/sk/.local/share/libvirt/images/Archlinux_default.img' (as uid:107, gid:107): Permission denied
Failed to start domain, cannot access storage file, permission denied error

Just to be sure, I tried one more time to start the VM from Virt-manager GUI application. This time also it did return the same error.

Failed to start domain, cannot access storage file, permission denied error in virt-manager
Failed to start domain, cannot access storage file, permission denied error in virt-manager

All the error messages explicitly says that the the qemu user does not have read permission to the Libvirt storage directory.

In this brief tutorial, allow me to show you how to fix “error: Failed to start domain … error: Cannot access storage file …. (as uid:107, gid:107): Permission denied” in KVM Libvirt.

Fix “Cannot access storage file, Permission denied Error” in KVM Libvirt

This is one of the common KVM Libvirt error. This error will usually occur after changing path of the Libvirt’s default storage directory.

A few days ago, I moved the Libvirt storage location to my $HOME directory. That’s why I get this error.

We can fix it in two ways.

Method 1:

Step 1: Edit /etc/libvirt/qemu.conf file:

$ sudo nano /etc/libvirt/qemu.conf

Step 2: Find the user and group directives. By default, both are set to "root".

 [...] 
 Some examples of valid values are:
 #
 user = "qemu"   # A user named "qemu"
 user = "+0"     # Super user (uid=0)
 user = "100"    # A user named "100" or a user with uid=100
 #
 #user = "root"
 The group for QEMU processes run by the system instance. It can be
 specified in a similar way to user.
 #group = "root"
 [...]

Uncomment both lines and replace root with your username and group with libvirt as shown below:

 [...] 
 Some examples of valid values are:
 #
 user = "qemu"   # A user named "qemu"
 user = "+0"     # Super user (uid=0)
 user = "100"    # A user named "100" or a user with uid=100
 #
 user = "sk"
 The group for QEMU processes run by the system instance. It can be
 specified in a similar way to user.
 group = "libvirt"
 [...]
Configure user and group for kvm libvirt
Configure user and group for kvm libvirt

Press CTRL+O and press ENTER to save the changes and press CTRL+X to exit the file.

Step 3: Restart libvirtd service:

$ sudo systemctl restart libvirtd

Step 4: Please make sure the user is a member of the libvirt group. If not, add the user to libvirt group using command:

$ sudo usermod -a -G libvirt $(whoami)

Step 5: Finally start the VM:

$ virsh start

If you prefer to use vagrant, run this instead:

$ vagrant up

This time the Virtual machine should start.

Step 6: Check the VM status:

$ virsh list

Or,

$ vagrant status
Check kvm libvirt virtual machine status
Check kvm libvirt virtual machine status

Method 2:

The another to way to fix KVM Libvirt permission issue is by setting proper ACL permission to the Libvirt storage pool directory. In my case, my storage pool directory is located in $HOME directory.

Step 1: Let us get the current ACL permissions to the $HOME directory.

$ sudo getfacl -e /home/sk/

Sample output:

 getfacl: Removing leading '/' from absolute path names
 file: home/sk/
 owner: sk
 group: sk
 user::rwx
 user:qemu:--x            #effective:--x
 group::---            #effective:---
 mask::--x
 other::---

As you see in the above output, the qemu user doesn’t has read permission to the storage pool location. In some distributions, the user name might be libvirt-qemu.

Step 2: Set the read and executable permission for the user qemu using command:

$ sudo setfacl -m u:qemu:rx /home/sk/

Replace qemu and /home/sk/ with your own.

Now, the qemu user has read and executable permission over the storage pool directory. You can verify it using command:

$ sudo getfacl -e /home/sk/

Sample output:

 getfacl: Removing leading '/' from absolute path names
 file: home/sk/
 owner: sk
 group: sk
 user::rwx
 user:qemu:r-x            #effective:--x
 group::---            #effective:---
 mask::--x
 other::---

Step 3: Restart libvirtd service:

$ sudo systemctl restart libvirtd

Now the Libvirt guest machines will start without any issue.

Conclusion

In this guide, we discussed why we get “cannot access storage file permission denied” error in KVM libvirt and how to fix it in two different ways in Linux.

Source link

- Advertisement -

More articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisement -

Latest article