Bug ID 1125665
Summary libvirt regression: can't start domains in qemu:///session -- prctl failed to enable 'dac_override' in the AMBIENT set
Classification openSUSE
Product openSUSE Tumbleweed
Version Current
Hardware Other
OS openSUSE Factory
Status NEW
Severity Major
Priority P5 - None
Component Virtualization:Other
Assignee virt-bugs@suse.de
Reporter javispedro@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker --- 

User-Agent:       Mozilla/5.0 (X11; Linux x86_64; rv:65.0) Gecko/20100101
Firefox/65.0
Build Identifier: 

This is regression in the current version of the libvirt package. The following
patch was pulled from upstream in the package about 8 days ago:

a2d3dea9-qemu-caps-dac-override-sev.patch

This patch makes libvirt ask for the 'dac_override' capability during domain
startup. This capability will NOT be granted to a non-root qemu, so libvirt
aborts. 

I have manually verified that removing this patch from libvirt package fixes
the issue and I can start my qemu:///session domains normally. 

My impression is that this capability should only be asked if getuid == 0.

Reproducible: Always

Steps to Reproduce:
1. Create a "qemu user session" libvirt VM using any of the available tools
(GNOME Boxes, virt-manager, etc.)
2. Start that VM either from the GUI or through 'virsh -c qemu:///session start
$VM'
Actual Results:  
libvirt:  Error : prctl failed to enable 'dac_override' in the AMBIENT set:
Operation not permitted


I am not sure whether I should report this bug upstream too, as I'm not sure
the issue happens on other distros. Tumbleweed is the only one I have whether
this patch is currently merged.

You are receiving this mail because: