Virtual Machine Manager (virt-manager)

DoneSubmitted by Raghav Gururajan.
Details
8 participants
  • Brice Waegeneire
  • Chris Marusich
  • Efraim Flashner
  • Christopher Baines
  • Tobias Geerinckx-Rice
  • Raghav Gururajan
  • Miguel Arruga Vivas
  • Raghav Gururajan
Owner
unassigned
Severity
important
R
R
Raghav Gururajan wrote on 13 Jul 2019 07:06
(address . bug-guix@gnu.org)
255adc32694ef0c22fb789b1eea66a243cffb649.camel@disroot.org
Hello Guix!
Unable to create any VMs by installing from any ISO file.
The virt-manager gives out the following error:
Unable to complete install: 'Unable to read from'/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file ordirectory'
Traceback (most recent call last): File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-2.1.0/share/virt-manager/virtManager/asyncjob.py", line 75, incb_wrapper callback(asyncjob, *args, **kwargs) File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-2.1.0/share/virt-manager/virtManager/create.py", line 2122, in_do_async_install guest.installer_instance.start_install(guest, meter=meter) File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-2.1.0/share/virt-manager/virtinst/installer.py", line 415, instart_install doboot, transient) File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-2.1.0/share/virt-manager/virtinst/installer.py", line 358, in_create_guest domain = self.conn.createXML(install_xml or final_xml, 0) File "/gnu/store/kcdnna2613in9xfm9gxjqvkisdns911v-python-libvirt-5.5.0/lib/python3.7/site-packages/libvirt.py", line 3840, in createXML if ret is None:raise libvirtError('virDomainCreateXML() failed',conn=self)libvirt.libvirtError: Unable to read from'/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file ordirectory
Regards,RG.
R
R
Raghav Gururajan wrote on 13 Jul 2019 07:17
severity 36634 important
(address . control@debbugs.gnu.org)
fc593336b3edab01805d76d8dcfd70fdf99f91d6.camel@disroot.org
severity 36634 important
E
E
Efraim Flashner wrote on 14 Jul 2019 14:42
Re: bug#36634: Virtual Machine Manager (virt-manager)
(name . Raghav Gururajan)(address . rvgn@disroot.org)(address . 36634@debbugs.gnu.org)
20190714124254.GC22158@macbook41
On Sat, Jul 13, 2019 at 01:06:55AM -0400, Raghav Gururajan wrote:
Toggle quote (38 lines)> Hello Guix!> > Unable to create any VMs by installing from any ISO file.> > The virt-manager gives out the following error:> > Unable to complete install: 'Unable to read from> '/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or> directory'> > Traceback (most recent call last):> File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-> 2.1.0/share/virt-manager/virtManager/asyncjob.py", line 75, in> cb_wrapper> callback(asyncjob, *args, **kwargs)> File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-> 2.1.0/share/virt-manager/virtManager/create.py", line 2122, in> _do_async_install> guest.installer_instance.start_install(guest, meter=meter)> File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-> 2.1.0/share/virt-manager/virtinst/installer.py", line 415, in> start_install> doboot, transient)> File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-> 2.1.0/share/virt-manager/virtinst/installer.py", line 358, in> _create_guest> domain = self.conn.createXML(install_xml or final_xml, 0)> File "/gnu/store/kcdnna2613in9xfm9gxjqvkisdns911v-python-libvirt-> 5.5.0/lib/python3.7/site-packages/libvirt.py", line 3840, in createXML> if ret is None:raise libvirtError('virDomainCreateXML() failed',> conn=self)> libvirt.libvirtError: Unable to read from> '/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or> directory> > Regards,> RG.>
Checking my machine:$ ls /sys/fs/cgroup/unified/cgroup.controllers cgroup.max.depth cgroup.max.descendants cgroup.procs cgroup.stat cgroup.subtree_control cgroup.threads
-- Efraim Flashner <efraim@flashner.co.il> אפרים פלשנרGPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl0rI04ACgkQQarn3Mo9g1GQaRAAsSzCcIERIAt9Y1KQcQzXlDBe55/cdErT9eC2UpH4twDTWEW413/0FRW/bugjZEhVPTB5Z2O8MIeGWJY3yoQQGlYQm5UogJlRTOCrgvqjnnUXCRWJ0X6qddcfBWC29tYTQCstjAPdnTQSZ6evWpEwOuhBG/rFKMeGtoNzDycOxL1kfYawURoqFbVyBImy30bM8sNlkW1ymSgSK+ZKfcn/p2/sOVkXjI7ukqdzfih1aROhNFF1qYsq0tgAj7nFeXbOLuMhuz3eiMEu0R69A6pQzf2TxB7Mh4zb5RvohMW96U9XtlQxt8snzuzyKnc+Urz5FaLhmJ72L2XKmtZ4XEtVRz9c1iURDTX6bjZbn1DZlroGUipj6nofNo4VXDyFnjvsvphfS666rULZpkk1PE02A/9YWZKd0H76185eRR8V6ZtksrpHwqV1JJuvs3YDoqZ024V0ySe7ZtSF3NnH5TqWVpSGAw7hBjpau7dvuc0ovw9IkTzn0A3kS5qiKyfYlzt23fspar4FjfqsmGhf20YepYAFrGCCcgfNWTOK3mowOOWHwRWVd57Vn/CGXY+1SFS6hajbCBeNHQajQI6sh3wu0WdVgDYi78JAsI7Iuax2f7yZr2t05E7ob/Xzu83XoR9JpEMfq/9RPABuW/uZb6DinOjOyzphu8H+M0ET6Wn1Gy8==PMzh-----END PGP SIGNATURE-----

R
R
Raghav Gururajan wrote on 14 Jul 2019 23:21
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 36634@debbugs.gnu.org)
561b80a4c646b459685298aba7f55348b090069e.camel@disroot.org
Toggle quote (5 lines)> Checking my machine:> $ ls /sys/fs/cgroup/unified/> cgroup.controllers cgroup.max.depth cgroup.max.descendants cgroup.> procs cgroup.stat cgroup.subtree_control cgroup.threads
I get the same output for `ls /sys/fs/cgroup/unified/`. But as shown inthe error, the virt-manager is searching the directory"/sys/fs/cgroup/unified/machine" (not "/sys/fs/cgroup/unified/"), whichdoes not exist. o.O
Regards,RG.
C
C
Christopher Baines wrote on 21 Jul 2019 19:23
(address . bug-guix@gnu.org)
87sgqze1yq.fsf@cbaines.net
Raghav Gururajan <rvgn@disroot.org> writes:
Toggle quote (4 lines)> libvirt.libvirtError: Unable to read from> '/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or> directory
So, I've experienced this too. Even though this is a cgroup thing, I'mpretty sure this isn't an issue with Linux.
I've tried reverting the changes in [1], and that seems to solve theissue. Unfortunately, I don't have any insight in to what's differentbetween the problematic 5.5.0 release, and the working 5.4.0 release.
1: 458fe419232844d2021608d20dcd8f6e095eb2b4https://git.savannah.gnu.org/cgit/guix.git/commit/?id=458fe419232844d2021608d20dcd8f6e095eb2b4
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl00n41fFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNFODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE9XdmXBAAuVBKX/yao9mwUvZs0j4XjFMjccZ2tR7DQSyvBp+/MNG7p3eyIW/kMxT6vNU4Zp4QTOYWV0TlzXmflxsvwO+zM5PYn4GukGShHWrjtET6OXGCP2BcmmkJavbi5aHc6FGmPn3c/Yk84IkzJ8BP6DrfNJzc6m9cPyEEmynb4gpNDmiWsGJAMbX0qjgwq/XKskcnW/IrFBUnpkW+AyJNjFlHRI9A+Rd8BNJZsoo0uXDpB38dfwrFeAyAJMaOeAs83HviLipERybkSsUh0/VKJOuqWR+X5fdH+/2pdMLwRJNjJbNtUjG8JgCy28Y4S/GfU4Hlt7qISz448QZJW3u1bvHUe9kEwYAXDC6yxrW40gXJ0S+bg4TDv7lmj/lBgtdA4g0C6QTTmH4zwPaoE9T9mayGpGSq2W54wRwP+GQKM96n6c0FVDHItlHMUMeNa7zRat/OcxipBlb3FMidigWl9/pzbHe0r6Mr3/g4/1qXmxlppdXf+UwLleaV7iFoeYedFEBW8o9m9+li+U8SRG4D9nkWzK4P6vNxQnkVmElzAUo+IKlOOWhU+AgMWpG6cW3dPnMv3RAPPBOaypeCvmOvKMjg8sANRWJwyIv+pcvzCWnWcl5sxozFMqUCWzVGS0TiUXW5b6HXjTPOTgj9+GebM8d3ysiKoTNHyVd1e8mUzlfokJ4==nFnq-----END PGP SIGNATURE-----
R
R
Raghav Gururajan wrote on 21 Jul 2019 23:42
(address . 36634@debbugs.gnu.org)
00999c57af938c7946871d8c12c9aabeb28e12af.camel@disroot.org
Toggle quote (4 lines)> So, I've experienced this too. Even though this is a cgroup thing,> I'm> pretty sure this isn't an issue with Linux.
I see.
Toggle quote (4 lines)> I've tried reverting the changes in [1], and that seems to solve the> issue. Unfortunately, I don't have any insight in to what's different> between the problematic 5.5.0 release, and the working 5.4.0 release.
So, by reverting changes, do you mean you patched and made a newcommit?
Thank you!
Regards,RG.
R
R
Raghav Gururajan wrote on 25 Jul 2019 11:46
ATTENTION REQUIRED
(address . 36634@debbugs.gnu.org)
2427363bc3661f61734c5d908e5fcb0f57ab9ebc.camel@disroot.org
Hello Guix!
I posted the bug on libvirt mail list few days ago (https://www.redhat.com/archives/libvir-list/2019-July/msg01309.html). It appears the bughas now been fixed (https://github.com/libvirt/libvirt/commit/759bf903a6c24a8efa25c7cf4b099d952eda9bd3).
Could anyone please update the libvirt package/service to this latestbuild?
Thank you!
Regards,RG.
T
T
Tobias Geerinckx-Rice wrote on 25 Jul 2019 21:36
(name . Raghav Gururajan)(address . raghavgururajan@disroot.org)(address . 36634@debbugs.gnu.org)
1564083383.28412.1@submission.tobias.gr
Raghav,
On Thu, Jul 25, 2019 at 11:46 AM, Raghav Gururajan <raghavgururajan@disroot.org> wrote:
Toggle quote (12 lines)> Hello Guix!> > I posted the bug on libvirt mail list few days ago > (https://www.redhat.> com/archives/libvir-list/2019-July/msg01309.html). It appears the bug> has now been fixed > (https://github.com/libvirt/libvirt/commit/759bf903a> 6c24a8efa25c7cf4b099d952eda9bd3).> > Could anyone please update the libvirt package/service to this latest> build?
I will do so swiftly since I updated libvirt to the 'broken' version (although I never had any troubles like yours). Thank you for reporting this upstream.


A personal note: I find this new wave of 'ATTENTION REQUIRED' messages quite the opposite of motivating and pleasant. I'm honestly not sure what result you expect from them. I fear it may backfire.
You are very welcome to contribute patches yourself! I don't mean 'patches or GTFO', I mean 'please dive in, the water's great'. The reviewers don't bite. You don't need to be a programmmer; I'm not.
You've been part of our discussions for a while, you obviously care about Guix and Free software, and particularly about certain Gnome and 'desktop-demographic' packages that are clearly under-maintained or even missing because we're missing people like you. Learning to create and maintain them yourself is hardly more work than trying to herd volunteers like this -- and a hell of a lot more fun.
Kind regards,
T G-R
T
T
Tobias Geerinckx-Rice wrote on 25 Jul 2019 22:01
(name . Raghav Gururajan)(address . raghavgururajan@disroot.org)(address . 36634-done@debbugs.gnu.org)
878sslj33p.fsf@nckx
Tobias Geerinckx-Rice 写道:
Toggle quote (9 lines)>> Could anyone please update the libvirt package/service to this >> latest>> build?>> I will do so swiftly since I updated libvirt to the 'broken' > version> (although I never had any troubles like yours). Thank you for> reporting this upstream.
I have applied ‘your’ patch in 41097b2dee9367974c6dd16ac1ba2ee945457237.
I'm closing this bug for now. However, could you update and confirm that this actually solves the problem?
Kind regards,
T G-R
-----BEGIN PGP SIGNATURE-----
iHUEARYKAB0WIQT12iAyS4c9C3o4dnINsP+IT1VteQUCXToKigAKCRANsP+IT1VteQT+AQDmK8iNSDoQqPTtqf8FTgN4fnfgGP5uf6K+AzYwpQBjDwD/ZcrCB3lteMftPXy1fY0NQJ+0V9rhN1KK4loarhkcAgQ==cX5V-----END PGP SIGNATURE-----
Closed
R
R
Raghav Gururajan wrote on 26 Jul 2019 05:47
Re: bug#36634
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 36634@debbugs.gnu.org)
024c3fdf57fa1cc35602868f71c55ebafd288293.camel@disroot.org
Toggle quote (4 lines)> I will do so swiftly since I updated libvirt to the 'broken' version > (although I never had any troubles like yours). Thank you for > reporting this upstream.
About that, it appears I misunderstood the patch. That recent build wasnot to fix the bug I reported. Anyway, I have been told by one of thelibvirt maintainers (pavel) that they are working on a fix for the bugI reported.
So once I come to know about the new patch, I will update you and thismail list. :)
Toggle quote (6 lines)> A personal note: I find this new wave of 'ATTENTION REQUIRED'> messages > quite the opposite of motivating and pleasant. I'm honestly not> sure > what result you expect from them. I fear it may backfire.
Yeah, sorry about that. It was not intentional. I thought that sendingreplies directly to `#bug@debbugs.gnu.org` will not use the subjectline, so just went with something top of my head. I will defer to dothis, moving forward. :)
Regards,RG.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEamFiplxUWgy2NgJiorDiYAVcMdsFAl06d7kACgkQorDiYAVcMdulfwf/Vg8YY8rZtATFZtzXIM1EGaRwpb8fHvfJmwL5ZVHQuM/J973tGubt/yKre8fzAVxM3Ef4iOzGplPF9TWiRUehoeV2UZ9AGQa3AsyWD3YbuRCnIn9y6i3yv03ZWI4x2xmKdba/OfC3nlLxn0BixL1oKyqkg5fUUYhDCUD7+SzLKMiZNALbBFRV0MtSnpO4Js0fM1tN9w8gv0POJQlwMBvPT0Rq72EWffIYWE3CBZQrtgLyjl99AHMqAd6KgdtkbZLDk864+bq71iLWsZfSU9lwRdc6FgBHhwiaYyNKpHX5eXGbaK9IR60uEciDJQY+/6cdcloowAc6c9V5Nb7F8YQlHg===vWfp-----END PGP SIGNATURE-----

R
R
Raghav Gururajan wrote on 26 Jul 2019 05:51
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 36634-done@debbugs.gnu.org)
4c27f6501096faf71c51295761413936b11aad73.camel@disroot.org
Toggle quote (6 lines)> I have applied ‘your’ patch in > 41097b2dee9367974c6dd16ac1ba2ee945457237.> > I'm closing this bug for now. However, could you update and > confirm that this actually solves the problem?
Oh Shoot! I just saw your previous reply and replied to it. Sorry forthe delay. Anyway that patch fixes something, so good.
You do not have to close the bug. I will update this mail list once Ireceive the correct patch. :)
Regards,RG.
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEamFiplxUWgy2NgJiorDiYAVcMdsFAl06eNUACgkQorDiYAVcMdvVNQf/cJg27tfIK/PXB912EgDvLZaUIAdSAWJkhrte33dClEh3d/xYpaR3OtYWBoRgW26paVVJ3yGEteAjR0s/m6WvS0UumxrMU7ZOhT72k4dQnqRFvAiDE5CUCq/TlkYSNC9yW1xq8w3cUr6/rja3hGNJ00H9eOzwhyDXtnQOCBrmXSihtKVufv2TtZONyJZ0MDzIwDsOKVR7Owero0ALU8KqXSyZPwj2LEcY82quSiV5I3HOJBrus404oyji67ZBMlJDolfs07ZR9lUcbHmKaiLFLNB3JKnGLEqEZRoqwGDUG1i+vm2YG13jjVHVORNCStIkDXu4/n+bzZgAM6Pi3QtS7A===TM3B-----END PGP SIGNATURE-----

Closed
C
C
Christopher Baines wrote on 8 Sep 2019 20:14
Re: bug#36634: Virtual Machine Manager (virt-manager)
(address . 36634@debbugs.gnu.org)
87lfuyodt7.fsf@cbaines.net
As version 5.7.0 has been released, I tried updating to that. Thereseems to be some issue with the configuration for the socket file, buteven avoiding that, it doesn't seem to resolve the issue with thecgroups.
For now, I've switched more permanently back to 5.4.0.
-----BEGIN PGP SIGNATURE-----
iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl11RRRfFIAAAAAALgAoaXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNFODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE9XdtnBAAkuqP5ZQGEuDokuXn9GAy0ECfbpBa5k+ooP+fEjgRnBv687j+hkVR8sq41JB7Yh+e++lBCKfPmBYPTusMpUDw/9b4kYsrpgXM5gEfHTKyrrJQHf265BoeRT4c9O9fsbWp2eNobl1MExKMapbB7a8G4XlZshw3j5D8JSmbgTON3U0O7wPbTm2vX7RqnR1yj8xvKRFuuwtqM5+t/ZHuXgxRuBqSg+3GGwGLBxT3Xb+ehExPVo/ki8cv9LpYAx/grNP0jgB1s8NwHObZYa28VJBcPIo61FBzSDb0xnNiGGC4MDPDg55jafKPQ8R+vnO6yAwXrmOy/QdCQOOayvl97l5Wb8H6oi2iSdEitwIUZLDFJXT+HwxwAeqiFQMoSGIO7vXHaRwprH6dIilVo6WRrL/ue5mQwjpBlhbb5ZkZZbZCDSaabKJ/kl7KBeyZBngmMp1F5EfXMwqzqWj+iNTzUN9m+TJ6ARNxvJp+uwxGFIK/DeTIozmUnuAiBSTDmIPVHVn7p3IYjUN0dV4shHCrlgUfuNPQnpzOlqngk9/zCKF2W1ng4UMb5GDej5A80VVmVUjOPU9p24ad48gf6DyjrqFTZCw7xZbMnbI3dg/nbV0FAw3aQwE9Y3IJgXK/XW+fLWNqKXCCzYZLUGyxVNdzkTkRV8zxI4GIqvfmh5+xKatVAHY==xx2u-----END PGP SIGNATURE-----
C
C
Chris Marusich wrote on 23 Sep 2019 06:14
(name . Christopher Baines)(address . mail@cbaines.net)
87wodzir88.fsf@gmail.com
Christopher Baines <mail@cbaines.net> writes:
Toggle quote (16 lines)> Raghav Gururajan <rvgn@disroot.org> writes:>>> libvirt.libvirtError: Unable to read from>> '/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or>> directory>> So, I've experienced this too. Even though this is a cgroup thing, I'm> pretty sure this isn't an issue with Linux.>> I've tried reverting the changes in [1], and that seems to solve the> issue. Unfortunately, I don't have any insight in to what's different> between the problematic 5.5.0 release, and the working 5.4.0 release.>> 1: 458fe419232844d2021608d20dcd8f6e095eb2b4> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=458fe419232844d2021608d20dcd8f6e095eb2b4
This bug is consistently reproducible. I've found an upstream bugreport that is very similar to what we're seeing here, so I've left acomment telling the libvirt maintainers that Guix is also seeing asimilar issue:
https://bugzilla.redhat.com/show_bug.cgi?id=1751120
In the meantime, should we revert to version 5.4.0 in Guix? I'm notsure if there are any security vulnerabilities between 5.4.0 and themost recent release, but this bug is currently preventing me fromcreating any VMs at all in Guix using virt-manager, which is pretty bad.
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl2IRqcACgkQ3UCaFdgiRp2TYw/8CO/v9eUxUp21mG6u13IhxOgGv8exq56SqEIOltooiJUUTl5XQYeGPl6PbvAY/GBWSYIjrE6lwLFEvjoAqz0/I7VjzKPBwIAPkLAQyBVuIbjgMrWp5T0Rz5oI3KmhgCgFnOGOb21SfUZ+pcLN2nSGViUugs1c/v/oNIeD6QkSPLgrEkklFoBYfbBTNhaFHEPlUnS7QIZ0Jp/SJHy8sNL9hYwQgu7CXILOx2Jj22061MmQfq1xsPUT5+B4BpBM0e0cfid8qkEZrC+VS9n/KIoCqLwta1acPueXNHyKxADENo1/5A15TcmZ3Xewj4j0CKUXfuYzYOymjA2AoLQrtVwHAA1lnRAnJ81S8tZNwnHVQEvFOiemFRkB0xxXK4kAGOYEjnxhwJSKVl9zx4SCEAnyovTVjYZQ5ryT1YTIpnqtBT3Tqp5klmXMUmUXE0P352usyLCHkGynA1H+WjWWJZ+opigxIeitPLb0hI/kakVYASD7uhAAKTUw9vC5ipiJDx/0YMsHzTg/2Nnezvi5nCXlilRRiVuV04goaLk/E4aqloA31CCUDg3rk+0kOMAsw/G9qcJGXMbD2LEWGoOWA2+gxsL6xjXPTSNSJvMv29iL7t+S6Uzv5heAmWO/jLYjHkpdpeRTAfIVF/aAVt4D7Wlpnme3+JIQOwbZnJC3ExgqD0Q==IcTc-----END PGP SIGNATURE-----
T
T
Tobias Geerinckx-Rice wrote on 23 Sep 2019 06:30
87y2yf1vop.fsf@nckx
Chrisen,
Chris Marusich 写道:
Toggle quote (9 lines)> In the meantime, should we revert to version 5.4.0 in Guix? I'm > not> sure if there are any security vulnerabilities between 5.4.0 and > the> most recent release, but this bug is currently preventing me > from> creating any VMs at all in Guix using virt-manager, which is > pretty bad.
Yes! (which is why I originally updated this package):
v5.5.0 (2019-07-02) Security api: Prevent access to several APIs over read-only connections Certain APIs give root-equivalent access to the host, and as such should be limited to privileged users. CVE-2019-10161, CVE-2019-10166, CVE-2019-10167, CVE-2019-10168.
­ https://libvirt.org/news.html
It might be easy to backport. I didn't try, and I no longer use libvirt myself.
What's weird (maybe; I haven't kept up with the thread) is that I used libvirt 5.5.0 (and yes, it was 5.5.0) for a while without problems. I don't remember whether I created any *new* VMs, though.
Kind regards,
T G-R
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfo+u0AlEeO9y5k0W2Imw8BjFSTwFAl2ISlYACgkQ2Imw8BjFSTxbWBAAgH5E9EPOKItqOWmZ0J9TLIro985CmaCqU+UjL5QBHAZeJ9eBcDH+poL8C60RnzntPSB58XBHDDikKDiYtQVtKW3kWFWiLRFO4c2cuQiuK2xF2Vh7tGbY3lEvlTDRd3fX6f5QVZv5HT0ObzXC27kcOw3rbSu/KnO0q/KYmJdmAXxLvmRzNruX/dv0X3/+42tMymWSevs3BiwTNJIUHrIX0IMrVea9DVA1WmVEf5BDQqlHAfH1Z02Y+T7qOYlTRLhbed/gcx8ccHyDFX4MZBQ0Jcg0qOWRkMAXQE5xUtLWd4xQdY6eatB11DpFBPqmLeSVfDxzYhyWYZcEvgH/pjHvZMPmSVu8GPs3bcmA2E7z+Xwn7Mf9JDfRrufJgugh+FO4pZ0M7egJL0pOZmS6K97J0dkTe3RI5gyZKrBdyxmjyatM4nENAyOp0oSTQTyaEJ+Kpgkd5m7C/smSeUrwYHszqikG5h23QQ6H79MwCIDJzQCitR9DMN6ZNLFF6Qo6Kqe4Z4ZArX4Q3kZ1mrKWV5/kHzX1MpPVrEXq4kUQzOnYCQ1FUfZU0zdSu31QIMX74Kx4c0+xdP0jkbPwp1Kj2vaYfqriqGudmzRpY+7byJegmHdQgrbFrQZjn8tyqU31pw27s7/Gt7D2BWICK2HgDWsmxf4pG0Ep6fy+C4RDWiIuJbg==pZds-----END PGP SIGNATURE-----
C
C
Chris Marusich wrote on 5 Oct 2019 07:41
(name . Christopher Baines)(address . mail@cbaines.net)
87lftzd9zx.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:
Toggle quote (7 lines)> This bug is consistently reproducible. I've found an upstream bug> report that is very similar to what we're seeing here, so I've left a> comment telling the libvirt maintainers that Guix is also seeing a> similar issue:>> https://bugzilla.redhat.com/show_bug.cgi?id=1751120
Upstream has made a patch, which supposedly fixes the issue on Fedorasystems. However, I applied it to a local checkout of Guix and testedit, but it didn't fix the issue for me. Perhaps that upstream bug andthis bug are slightly different? Anyway, I've updated the upstream bugreport with information that hopefully will be useful to them. We'llsee how it goes.
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl2YLSMACgkQ3UCaFdgiRp0Zyw//TaGq4QqvsyWM5aL+VQSGEGwmBKEAF5Rorz67EaHTu46/1By2vtWgF7PleC9m3CzGdZ6pLVIF5A3GtSjLe5I+VHHJd90u6U+ifQIGTa1dh5ys+H+6T4FrielnN5HV+wnUMIKhKLUyurvJ7UXXRBT6JiWFKMUJJvgLTLEin3N3mn6+Y52MhOVkwLh4DYgillqsgLcTXpeuHhgee/2FHjO4gVUX4v07MIT054kNbRUkPNhUaIGigiwbr9fCzp0zKMfc742E568e9KN8JfLm3SR9XqxWbfcdw0biWDlLZippexGFdREy59zbn8Sc5j3pEwAI7lQ4VIYKVcu6ygah8cLcPasWR2O+B95wjoORsgmLmQjnrdRY95ERHTcT4KNZrcQy3OOYhSeNxVXgHLy6icwn9j7GFm8ZwVm2YGlJ0SUddaDzHFwkZFJqmAHN/UpY8YKugF4mZ26o1/6LTDfRHL4Jx1Oo6Nc4cQRR1W6+xsxKDzFSU+jp545t7VU4KyBAtvgfAPBsUMCWUbq7tDjyAI5J4OmOZrb/YRma/RYFFPAadRdWjOUl6lCxWidWaTyR8AeRDyb+ehNYQ2y/8XBxnwkYHbMgcxX4awG88nXQ72dlWjVNgKJoMJ4IjxhD73OQfKciY4wjBpEI9oXTLqFyWuOZKwQbbcgH/1dfg9tJCCScbB0==VNMQ-----END PGP SIGNATURE-----
C
C
Chris Marusich wrote on 10 Oct 2019 10:55
(name . Christopher Baines)(address . mail@cbaines.net)
87ftk1htdi.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:
Toggle quote (3 lines)> I've updated the upstream bug report with information that hopefully> will be useful to them. We'll see how it goes.
The original upstream bug report has been closed, but it seems likely itwas for a different issue, since it didn't fix the issue in Guix. Atupstream's recommendation, I've opened a new bug report specifically forthis problem here:
https://bugzilla.redhat.com/show_bug.cgi?id=1760233
I've given them detailed instructions, and a pre-made Guix VM thatdemonstrates the bug, which will hopefully help them investigate. Staytuned!
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl2e8gkACgkQ3UCaFdgiRp2zqg//b+YU2FXV8J9IZH/6ggfAUvD2dahW/mmCczuCgN+mngSxg9pFed3scNG4eOEDQDcFrkXXL3IhClgGvvXYIwGpfWvtZeVfZA6WLRvYw0a7uX3C7X0J3LoDONKevlc17fOafEZsPtFNcd/3qZhMWMOFl/92p2qvEXxRgRxrgaYhbp/wgll9Y7r6T7jjOP2oYjD4jl7DVhazO4BR5UxyK5An9jPa3l4EzKk4i0q7hFMUZq9sReNjmuqO8w+o0J4CzRO+Qont4jp5k1jfvEBU6AinI5mO+CPo4jEy6x44PElHGR2CzsuPtWqQtXhF1jCsF4U9A2z35vmsc7kvLwbhv2Cd9kZLGuYGGZTVMGXF4gpTJ4SaNuKA5y6bZ6HQAgOcLlrhyPW05UsUiS16wEFfnQsfE1n64ozINMPSRa1pN6UkeoZ1oucVPcMPHFgkPBDKNCQ8PmkLdtyZFYpMZZ2Y6ZOwHbS/eNtJkDSYwfips6ptGLgnMnKm19ZP5mc4q4ira6I3A82nHnmW529LlFGLYLku1wuFO6eJtwaCiav8cwY05uMkf6KdLWD52Pqqqf9zKXL1StjUNZHBQompttvCyZGMFtzMiRFPYAhroP43BAJVconH5v29zq06ze5Cpy4XfTnASXyECFlKCRITptQcI0aKsZAjy8iGBBaCu1rVzDplwOQ==rOrM-----END PGP SIGNATURE-----
M
M
Miguel Arruga Vivas wrote on 21 Oct 2019 16:46
20191021164629.5a0ae2e0@gmail.com
Hi,
This bug can be easier to fix than we thought. :-D
As a workaround, you only have to execute:
$ sudo mkdir /sys/fs/cgroup/unified/{machine,system,user}
The folders should be created at libvirtd start, probably manually withsome extra cgroup magic that I don't understand yet, but this workswell and new machines can be created. I'll take a look this week intothe libvirtd service if nobody takes it first, as this is quite trivial.
Best regards,Miguel
M
M
Miguel Arruga Vivas wrote on 27 Oct 2019 10:37
20191027103719.47a9f1ea@gmail.com
Hello again,
The two patches attached create the cgroup directory needed and removethe warning for the ip binary missing. Still the following errorsare emitted to the log.
--------------------8<-------------------error : virConnectGetCPUModelNames:1109 : this function is not supported by the connection driver: virConnectGetCPUModelNameserror : virConnectGetAllDomainStats:11705 : this function is not supported by the connection driver: virConnectGetAllDomainStatserror : virCgroupSetValueRaw:473 : Unable to write to '/sys/fs/cgroup/unified/machine/qemu-1-Guix.libvirt-qemu/tasks': No such file or directoryerror : virCgroupRemoveRecursively:2383 : Unable to remove /sys/fs/cgroup/unified/machine/qemu-1-Guix.libvirt-qemu/ (16) -------------------->8-------------------
The last two may indicate there may be lurking another bug in thecgroups configuration, but at least the machines can be created andstarted/stopped seamlessly. What do you think?
Happy hacking!Miguel
From a5dd055ea0fc20420cca6df2d38302596d397c49 Mon Sep 17 00:00:00 2001From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?= <rosen644835@gmail.com>Date: Sun, 27 Oct 2019 03:56:17 +0100Subject: [PATCH 1/2] services: libvirtd: Create required control groups.
* gnu/services/virtualization.scm (libvirt-shepherd-service)[libvirtd-activation]: New shepherd service.[libvirtd]: Add a requirement of the new service.--- gnu/services/virtualization.scm | 11 +++++++++++ 1 file changed, 11 insertions(+)
Toggle diff (26 lines)diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scmindex bc8ac9b40a..2f26945efd 100644--- a/gnu/services/virtualization.scm+++ b/gnu/services/virtualization.scm@@ -428,8 +428,19 @@ potential infinite waits blocking libvirt.")) (let* ((config-file (libvirt-conf-file config)) (libvirt (libvirt-configuration-libvirt config))) (list (shepherd-service+ ;; See https://libvirt.org/cgroups.html#currentLayoutGeneric+ (documentation "Create the cgroup hierarchy required by libvirt.")+ (provision '(libvirtd-activation))+ (requirement '(file-system-/sys/fs/cgroup))+ (one-shot? #t)+ (start #~(lambda args+ (let ((path "/sys/fs/cgroup/unified/machine"))+ (or (access? path F_OK) (mkdir path)))))+ (stop #~(lambda args #t)))+ (shepherd-service (documentation "Run the libvirt daemon.") (provision '(libvirtd))+ (requirement '(libvirtd-activation)) (start #~(make-forkexec-constructor (list (string-append #$libvirt "/sbin/libvirtd") "-f" #$config-file)-- 2.23.0
From 24f7c06a47562f410ceb982a3b2a0d44980de392 Mon Sep 17 00:00:00 2001From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?= <rosen644835@gmail.com>Date: Sun, 27 Oct 2019 03:59:23 +0100Subject: [PATCH 2/2] services: libvirtd: Provide ip binary at runtime.
* gnu/services/virtualization.scm (libvirt-shepherd-service): Add sbin tothe PATH variable, as ip binary is installed there.--- gnu/services/virtualization.scm | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)
Toggle diff (20 lines)diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scmindex 2f26945efd..488cd63041 100644--- a/gnu/services/virtualization.scm+++ b/gnu/services/virtualization.scm@@ -444,9 +444,11 @@ potential infinite waits blocking libvirt.")) (start #~(make-forkexec-constructor (list (string-append #$libvirt "/sbin/libvirtd") "-f" #$config-file)+ ;; For finding qemu and ip binaries. #:environment-variables- ;; For finding qemu binaries.- '("PATH=/run/current-system/profile/bin")))+ (list (string-append+ "PATH=/run/current-system/profile/bin:"+ "/run/current-system/profile/sbin")))) (stop #~(make-kill-destructor)))))) (define libvirt-service-type-- 2.23.0
C
C
Chris Marusich wrote on 7 Nov 2019 09:44
(name . Miguel Arruga Vivas)(address . rosen644835@gmail.com)
87a798xeho.fsf@gmail.com
Hi Miguel,
Miguel Arruga Vivas <rosen644835@gmail.com> writes:
Toggle quote (17 lines)> Hello again,>> The two patches attached create the cgroup directory needed and remove> the warning for the ip binary missing. Still the following errors> are emitted to the log. >> --------------------8<-------------------> error : virConnectGetCPUModelNames:1109 : this function is not supported by the connection driver: virConnectGetCPUModelNames> error : virConnectGetAllDomainStats:11705 : this function is not supported by the connection driver: virConnectGetAllDomainStats> error : virCgroupSetValueRaw:473 : Unable to write to '/sys/fs/cgroup/unified/machine/qemu-1-Guix.libvirt-qemu/tasks': No such file or directory> error : virCgroupRemoveRecursively:2383 : Unable to remove /sys/fs/cgroup/unified/machine/qemu-1-Guix.libvirt-qemu/ (16) > -------------------->8------------------->> The last two may indicate there may be lurking another bug in the> cgroups configuration, but at least the machines can be created and> started/stopped seamlessly. What do you think?
With the patch you submitted upstream (not the patches you attached toyour previous email here), I can confirm the issue is fixed for me, andthat I do NOT observe the errors you mentioned above.
I see the patch was incorporated into Guix master in commitaa1f0896fb15a0bdcc5474839c8afdbb2520d603. That is good, and I thinkthis issue can be resolved. If nobody follows up in a few days' time,let's close the bug report.
Regarding your other patch in this thread to find the "ip" program atrun-time, could you open a new bug report or patch (viaguix-patches@gnu.org) for that? It seems unrelated to the issue athand.
Thank you for your help,
-- Chris
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl3D2WMACgkQ3UCaFdgiRp02DBAAsXrVEdD6BKwjjIuFQ3U8zlL5mH14OBNyfLel/CD9VvcUAYLikil5FaM7wOoUu8jAmapb+DG1FO62+aSqXQjELtGn5V9IQe8liF+u5GAVjFHjymmoH2oDV13dBw9k7IPKeD9wtC//iImx4VR5+FTRe4LZg1oUryVn6OcEkHrxhMWnLOmHoGsHQHe6B6qFTcby8lA7iuGkTzeYNiJSmv24IgT6h2OpFFEpEkzf7Gt/a+1IRRylVji4nnlp0rNt1gtKhNnjORwulTzPzVd7r/38O85umnq0UEti+7l5Ps8ZizNlgqMRC2Z1/LDmfsdy9acWS/WeIjcwmD2avdhPoidPdnE3TNnUma1aongibApwZd4KWj+H+9dooxOVPdwMyN3motFM0ZfQCk/ISNkzpFFa2ewdrwAD+dSq/0vjIrC6CI936ILNKm6kZ7lo1Qi5s8RzJ8Y6oqyJsiGFBFLmS+3HEMJnWtaoM7e6FQQ5AUDFAmEir4WaICZKvb8V7Lr85XsYLXuT4OO7dYatJJNSM5mmbwvx1gRJz5EIE1GOLlDIG+jswl3oXNIcL1KcXzwRY5/k1gSFG97bTsZ0NDpj33Rp+8rbnCYFEtp1/4TExEEMYSz+HvYnyUVtMCBTg3d9oxZEUmOTA1bFr6XMROCBQluRtG703HY7oU2XhbpZLd8sXtc==2ifq-----END PGP SIGNATURE-----
M
M
Miguel Arruga Vivas wrote on 8 Nov 2019 01:53
(name . Chris Marusich)(address . cmmarusich@gmail.com)
20191108015105.354ef1c4@gmail.com
Hi Chris,
Chris Marusich <cmmarusich@gmail.com> writes:
Toggle quote (4 lines)> With the patch you submitted upstream (not the patches you attached to> your previous email here), I can confirm the issue is fixed for me,> and that I do NOT observe the errors you mentioned above.
Sorry, I did not send the email here.
Toggle quote (5 lines)> I see the patch was incorporated into Guix master in commit> aa1f0896fb15a0bdcc5474839c8afdbb2520d603. That is good, and I think> this issue can be resolved. If nobody follows up in a few days' time,> let's close the bug report.
I created 38032 on guix-patches and Ludo’ applied them.
Toggle quote (4 lines)> Regarding your other patch in this thread to find the "ip" program at> run-time, could you open a new bug report or patch (via> guix-patches@gnu.org) for that?
It was included in that patchset and it was unrelated, yes. Onmaster it's commit 2dfb9ba406.
Toggle quote (2 lines)> It seems unrelated to the issue at hand.
I've been using the patches now on master this week and I have a reallyannoying problem: the mouse is drawn on top of the vm screen. Thisone is unrelated too, so I should open a new bug, maybe tovirt-manager...
Toggle quote (2 lines)> Thank you for your help,
Thank you too, as you reported upstream and provided a great testenvironment, which will help them to test my solution or find betterones. :)
Happy hacking!Miguel
B
B
Brice Waegeneire wrote on 19 Mar 2020 11:06
(no subject)
(address . 36634@debbugs.gnu.org)
76c4a36a5e46a15e32ecdc95d8189182@waegenei.re
Hello,
Toggle quote (8 lines)> Chris Marusich <cmmarusich@gmail.com> writes:>> I see the patch was incorporated into Guix master in commit>> aa1f0896fb15a0bdcc5474839c8afdbb2520d603. That is good, and I think>> this issue can be resolved. If nobody follows up in a few days' time,>> let's close the bug report.> > I created 38032 on guix-patches and Ludo’ applied them.
Looks like this issue can be closed.I can't reproduce the bug. Upstream fixed it in libvirt 5.10, sowe'll be able to remove Miguel's patch when we upgrade libvrit.
Brice.
B
B
Brice Waegeneire wrote on 23 Mar 2020 08:39
Close 36634
(address . control@debbugs.gnu.org)
ed0ad8524ef90f196218b6e6d5a19f41@waegenei.re
?
Your comment

Commenting via the web interface is currently disabled.

To comment on this conversation send email to 36634@debbugs.gnu.org