Solved KVM Machine doesn't start due to permissions

Are those directories in /media/anon/8TB all different storage pools and can you share the output of "ls -l /media/anon/ssd"?
 


/media/anon/ssd is an old mountpoint of an SSD that isn't built in anymore. It was the first image on this HDD.
 
On my system the VMs run as the qemu user, so the qemu user needs to be able to write to the qcow2 images. Looking at your output:
drwxrwxrwx 5 anon kvm 4096 Apr 5 10:52 language-models
That directory is owned by anon. Since the VM on your system is most likely running as a qemu user too, I would try changing the permission of that to either "root:kvm" or "libvirt-qemu:kvm". If that doesn't work, it may be useful to check what user is running the process when a working VM boots.
Code:
ps -o user= -p <pid>
 
I gave up on this. I am in the middle of installing said software on my host machine.
 
If someone comes up with a solution, I'd try to fix it another time, for everyone that has the same problem
 
What distribution are you running? I will try to see if I can replicate it within a virtual system.
 
Maybe it's relevant, maybe not, but my HDD is encrypted and I mount it manually via:
Code:
sudo cryptsetup luksOpen /dev/sda crypt
sudo mount /dev/mapper/crypt /media/anon/8TB/
 
Don't know if it's permitted here, but
"bump"
 

It won't get you banned by itself, or even a time out. But, some folks will consider it unnecessary and rude.

We're still a small forum. Everyone that's likely to be able to help will have seen your post.
 
It's not relevant since you are just mounting a decrypted filesystem on a local mount location.
I haven't had the time until now to try it myself. I installed qemu within a VM, and with every single path change, wherever I placed my VM, it started without any issues. Then I noticed this in the output you shared earlier.
anon@navi [11:38:31] [~]
-> % ls -ll /media/
insgesamt 4
drwxr-x---+ 7 root root 4096 Mär 20 19:39 anon
I changed that directory to root:root as well and then I got the same error as you. Can you share the output of the following commands?
Code:
ls -l / | grep media
getfacl /media/anon
 
sure
Code:
anon@navi [19:40:44] [~] 
-> % ls -l / | grep media
drwxr-xr-x   3 root root       4096 Mär 11 17:41 media

anon@navi [19:40:46] [~] 
-> % getfacl /media/anon
getfacl: Entferne führende '/' von absoluten Pfadnamen
# file: media/anon
# owner: root
# group: root
user::rwx
user:anon:r-x
group::---
mask::r-x
other::---
 
Run the following command.
Code:
sudo setfacl -m u:libvirt-qemu:rx /media/anon
Your VM should then be able to start without getting a permission error.
 
This did the trick. What exactly did this command do?
 
The last command I asked you to share the output of was the following.
Code:
anon@navi [19:40:46] [~] 
-> % getfacl /media/anon
getfacl: Entferne führende '/' von absoluten Pfadnamen
# file: media/anon
# owner: root
# group: root
user::rwx
user:anon:r-x
group::---
mask::r-x
other::---
This showed me that the user (libvirt-qemu) that starts/runs the VMs doesn't have access to the path where the VMs are located, because that directory is closed off.
I saw that here.
Code:
anon@navi [11:38:31] [~] 
-> % ls -ll /media/     
insgesamt 4
drwxr-x---+ 7 root root 4096 Mär 20 19:39 anon
The + sign means there are ACLs active on that directory. I have no idea why you put ACLs on that directory. So what the command I asked you to run did is add ACL permissions for the libvirt-qemu user to be able to access that directory. If you had changed that directory to 755 it would have worked as well, and it can't hurt to do that because I'm assuming you are the only user on your system.
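
The access decision explained in the answer above, as an added example that is not part of the original posts: it parses the `getfacl` output from the thread and applies the POSIX ACL check order (owner, named user, groups, other) to show why `libvirt-qemu` could not traverse `/media/anon`. The function names, the group membership of `libvirt-qemu` and the two "after" listings are assumptions constructed for illustration.

```python
# Added example: decide access from `getfacl` text with the POSIX ACL check order.
PAGE_ACL = """\
# file: media/anon
# owner: root
# group: root
user::rwx
user:anon:r-x
group::---
mask::r-x
other::---
"""
# Constructed: expected entries after `setfacl -m u:libvirt-qemu:rx /media/anon`.
AFTER_SETFACL = PAGE_ACL.replace("group::---", "user:libvirt-qemu:r-x\ngroup::---")
# Constructed: expected entries after `chmod 755 /media/anon` instead.
AFTER_CHMOD = PAGE_ACL.replace("other::---", "other::r-x")


def parse_getfacl(text):
    """Return (owner, group, acl); acl maps (tag, qualifier) to a set of 'r','w','x'."""
    meta, acl = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and ": " in line:
            key, value = line[2:].split(": ", 1)
            meta[key] = value
        elif line and not line.startswith(("#", "default:")):
            # Drop a trailing "#effective:..." comment before splitting the entry.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")[:3]
            acl[(tag, qualifier)] = set(perms) - {"-"}
    return meta["owner"], meta["group"], acl


def allowed(text, user, groups, want="x"):
    """True if `user` (member of `groups`) is granted every permission in `want`."""
    owner, group, acl = parse_getfacl(text)
    want = set(want)
    mask = acl.get(("mask", ""), set("rwx"))  # no mask entry: nothing is filtered
    if user == owner:                          # 1. owner uses user:: unmasked
        return want <= acl[("user", "")]
    if ("user", user) in acl:                  # 2. named user entry, limited by mask
        return want <= (acl[("user", user)] & mask)
    matched = [perms & mask for (tag, q), perms in acl.items()
               if tag == "group" and (q or group) in groups]
    if matched:                                # 3. any matching group entry decides
        return any(want <= perms for perms in matched)
    return want <= acl[("other", "")]          # 4. everyone else gets other::


QEMU_GROUPS = {"libvirt-qemu", "kvm"}  # assumed group membership of the QEMU user
```

The check asks for `x` because a process needs search permission on every directory above the image file, not only on the image itself.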
 
