9p host/guest permissions & selinux...?

Hello Folks

It's with some trepidation that I venture on to such a heady newsgroup, but I'm about ready to throw myself off a bridge after getting this all set up and apparently working only to be struck down by permissions and selinux hell (either, or both).

I've followed instructions here:
http://wiki.qemu.org/Documentation/9psetup
http://troglobit.github.io/blog/2013/07/05/file-system-pass-through-in-kvm-slash-qemu-slash-libvirt/
http://www.linux-kvm.org/page/9p_virtio

The page at the last link helpfully concludes:
Note: likely to hit some issues w/ privileges since Fedora libvirt runs guests unprivileged and with SELinux confinement...careful use of chown, chmod and chcon should get it working

And, that's the most useful information I've been able to find...

*Set up*
Host - f21 server
[user@frontserver ~]$ uname -a
Linux frontserver.lan 4.0.4-202.fc21.i686+PAE #1 SMP Wed May 27 22:51:47 UTC 2015 i686 i686 i386 GNU/Linux
Guest - f20 (vortexbox)
[root@vortexbox ~]# uname -a
Linux vortexbox 3.12.5-301.fc20.i686+PAE #1 SMP Mon Dec 16 18:42:48 EST 2013 i686 i686 i386 GNU/Linux

Share is at /home/vortexbox-storage and shared to /storage

Output of mount, touch, ls etc on host and guest:
[user@frontserver home]$ ls
lost+found  user  vortexbox-storage
[user@frontserver home]$ ls -al vortexbox-storage
total 12
drwxrwxrwx. 2 qemu qemu 4096 Apr  4 09:58 .
drwxr-xr-x. 5 root root 4096 Mar 24 11:23 ..
-rwxrwxrwx. 1 qemu qemu   17 Apr  3 17:54 hello
[user@frontserver home]$ cd vortexbox-storage
[user@frontserver vortexbox-storage]$ touch hello2
[user@frontserver vortexbox-storage]$ ls -al
total 12
drwxrwxrwx. 2 qemu qemu 4096 Jun 20 22:07 .
drwxr-xr-x. 5 root root 4096 Mar 24 11:23 ..
-rwxrwxrwx. 1 qemu qemu   17 Apr  3 17:54 hello
-rw-rw-r--. 1 user user    0 Jun 20 22:07 hello2
[user@frontserver vortexbox-storage]$ echo hello2 > hello2
[user@frontserver vortexbox-storage]$ cat hello2
hello2

[user@frontserver vortexbox-storage]$ ssh root@192.168.122.61
root@192.168.122.61's password:
Last login: Sat Jun 20 16:44:37 2015
[root@vortexbox /]# umount /storage
[root@vortexbox /]# ls -al | grep storage
drwxr-xr-x    2 root root  4096 Jun 20 12:24 storage
drwxr-xr-x    5 root root  4096 Mar 24 07:31 storage-tmp
[root@vortexbox /]# mount -t 9p -o trans=virtio,version=9p2000.L,rw storage /storage
[root@vortexbox /]# ls -al | grep storage
drwxrwxrwx    2  107  107  4096 Jun 21 14:11 storage
drwxr-xr-x    5 root root  4096 Mar 24 07:31 storage-tmp
[root@vortexbox /]# cd /storage
[root@vortexbox storage]# ls -al
ls: cannot access hello: Permission denied
total 8
drwxrwxrwx   2  107  107 4096 Jun 21 14:11 .
dr-xr-xr-x. 20 root root 4096 Mar 24 07:43 ..
-??????????  ? ?    ?       ?            ? hello
[root@vortexbox storage]# cat hello
cat: hello: Permission denied
[root@vortexbox storage]# ls -al
ls: cannot access hello2: Permission denied
ls: cannot access hello: Permission denied
total 8
drwxrwxrwx   2  107  107 4096 Jun 21 14:13 .
dr-xr-xr-x. 20 root root 4096 Mar 24 07:43 ..
-??????????  ? ?    ?       ?            ? hello
-??????????  ? ?    ?       ?            ? hello2
[root@vortexbox storage]# cat hello2
cat: hello2: Permission denied
[root@vortexbox storage]#

When I try to touch or cat the hellos, selinux-troubleshoot throws a wobbly. I've logged that as a bug here:
https://bugzilla.redhat.com/show_bug.cgi?id=1234067

I figure it must be possible to give some fairly straightforward instruction (even for me) on what permissions to set where to get this working...

If anyone can help, I would be very very grateful (and happy:)

Thanks,
M
--
Morgan Read
<mailto:mstuffATreadDOTorgDOTnz>

Confused about DRM?
Get all the info you need at:
http://drm.info/
