Quick update, I was able to get permissions fixed by using libvirt + xml to define the volumes instead, this lets me set the uid:gid for the volumes. Since my user is a part of the libvirt group anyways, I think it is just as secure?
On Fri, Jun 9, 2023 at 12:20 PM Cameron Showalter < cameronsplaze...@gmail.com> wrote: > Hi all, > > I'm stuck trying to figure out how to manage iso's in libvirt. It seems > like all `virsh --connect qemu:///system` commands work correctly, but > `virt-install --connect qemu:///system --osinfo detect=on,require=on` will > use libosinfo, which can't read volumes owned by root. > > ``` > (osdict:119) Error creating libosinfo media object: g-io-error-quark: > Failed to open file: Error opening file > /var/lib/libvirt/test/Win10_22H2_English_x64.iso: Permission denied (14) > # (Then the last line the output later on): > ERROR (cli:257) --os-variant/--osinfo OS name is required, but no value > was set or detected. > ``` > > The iso is a libvirt volume, created with `virsh --connect qemu:///system > vol-create-as` to be the same size as the iso, then data uploaded to it > with `virsh --connect qemu:///system vol-upload`. I read somewhere this was > the recommended way since it lets libvirt handle the permissions. > > I also saw after that the pool xml supports setting a owner/group ID, so I > tried creating a new pool with those set to my user (1000:1000), and > uploaded a volume to that. When I tried `ls -halt <pool>`, it showed the > volume itself is still owned by root so I still hit the same error. There's > no command in virsh I saw either to upload and respect the pool's > permissions. > > Do you know if I'm on the right track at least? Is there a better way to > manage iso and/or permissions? I'm writing a library, so I don't want it to > jump to root for chown/chmod the isos after uploading or anything similar. > (Which is why I was really hopeful with pools supporting uid:gid's, you > don't need sudo to set it in the xml). My user is added to the libvirt > group. > > Thanks for your time! > Cameron > >
