>On Friday, March 22, 2019, 12:36:16 PM CDT, Peter Krempa <pkrempa@xxxxxxxxxx> wrote: > >On Wed, Mar 20, 2019 at 15:48:43 -0500, Eric Blake wrote: > >> On 3/20/19 1:50 PM, Mircea Husz wrote: >> > I scripted the creation of snapshots and it works fine. Now I'd like to run the script as non-root. >> > >> > virsh snapshot-create-as --domain hq-live-v01 \ >> > --name snappy \ >> > --diskspec vda,file=/var/lib/libvirt/images/hq-live-v01.snappy,snapshot=external \ >> > --diskspec vdb,file=/var/lib/libvirt/images/hq-live-storage.snappy,snapshot=external \ >> > --disk-only --quiesce --atomic >> > >> > This fragment creates the snapshots, but get created with mode 0600: >> > -rw------- 1 qemu qemu 393216 Mar 19 17:08 hq-live-storage.snappy >> > -rw------- 1 qemu qemu 1048576 Mar 19 17:08 hq-live-v01.snappy >> > >> > The user account is in the libvirt group and has permissions to do everything except delete the files created by the snapshot, all I need is to get the snapshots created with 0660 mode. >> > >> > This is on a Centos 7.6 installation. What knobs do I need to turn to control the umask? >> >> I'm not sure if you can force libvirt to create the files with a >> different mask, but perhaps a workaround would be to pre-create the >> files yourself with desired permissions, then tell virsh to >> --reuse-external (so that libvirt no longer has to try and create the >> files, and thus doesn't mess with permissions). > > >--reuse-external is good only for using a custom-formatted image. >Libvirt will chown the image to qemu:qemu if you don't disable >relabelling. This is possible to do via the <seclabel> even in a >snapshot <disk> definition. I created an image as the non-root user and it worked well. qemu-img create -f qcow2 /path/to/file 1k >Note that it's not documented yet and also does not conform to the >schema, but the parser happily parses it and the code uses the correct ><seclabel> then. I have a not-sufficiently-tested patch that adds the >schema (and IIRC also docs) which I planned to send after testing. Yes, I noticed that the snapshot changed the owner back to qemu. I just added the user to the qemu group. Good thing it didn't change the mask. Also, selinux is disabled on this installation. Thank you for the helpful information. -Mike _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
