Daniel P. Berrange wrote: > On Tue, Dec 20, 2011 at 08:59:48AM -0700, Jim Fehlig wrote: > >> xhu wrote: >> >>> On 12/16/2011 11:33 AM, Jim Fehlig wrote: >>> >>>> Hi All, >>>> >>>> I've noticed a regression in libvirt 0.9.8 on some of my kvm test machines >>>> >>>> # virsh start opensuse12 >>>> error: Failed to start domain opensuse12 >>>> error: Cannot open network interface control socket: Permission denied >>>> >>> For I can't reproduce it on my machine with 0.9.8, can you provide me >>> the detailed steps? >>> >> Nothing special, basic domain config using file-backed disk and >> connecting to a bridge. >> >> >>> Also your os, libvirt, qemu-kvm and kernel version? >>> >> Yeah, it has something to do with the kernel, glibc, or other such >> component. qemu-kvm isn't the problem as the error occurs before it is >> invoked. >> >> kernel 3.1.0, glibc 2.14.1 (openSUSE12.1): >> With libvirt 0.9.7, starting the domain works. This version of libvirt >> opens control socket with 'socket(AF_INET, SOCK_STREAM, 0)'. With >> libvirt 0.9.8, the domain does not start. In this version, the control >> socket is opened with 'socket(AF_PACKET, SOCK_DGRAM, 0)', which fails >> with EACCES. >> >> kernel 3.0.13, glibc 2.11.3 (SLES11 SP2): >> Regression between libvirt 0.9.7 and 0.9.8 not observed. >> >> Initially, I assumed the bug was in glibc. But I can open packet(7) >> sockets in a test program running as uid=euid=0, just not within >> libvirtd running with same privileges. >> > > Interesting, this is very bizarre. I assume that if you patch > libvirt 0.9.8 to use AF_INET again, it'll work fine ? > Yes, it is bizarre and yes, using AF_INET works. > Is there any other access control mechanism in force like SELinux > or AppArmour ? > No, which is why I'm rather confused... Thanks, Jim -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list