Virtual Machine Manager (virt-manager)

  • Done
  • quality assurance status badge
Details
8 participants
  • Brice Waegeneire
  • Chris Marusich
  • Efraim Flashner
  • Christopher Baines
  • Tobias Geerinckx-Rice
  • Raghav Gururajan
  • Miguel Arruga Vivas
  • Raghav Gururajan
Owner
unassigned
Submitted by
Raghav Gururajan
Severity
important
R
R
Raghav Gururajan wrote on 13 Jul 2019 07:06
(address . bug-guix@gnu.org)
255adc32694ef0c22fb789b1eea66a243cffb649.camel@disroot.org
Hello Guix!

Unable to create any VMs by installing from any ISO file.

The virt-manager gives out the following error:

Unable to complete install: 'Unable to read from
'/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or
directory'

Traceback (most recent call last):
File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-
2.1.0/share/virt-manager/virtManager/asyncjob.py", line 75, in
cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-
2.1.0/share/virt-manager/virtManager/create.py", line 2122, in
_do_async_install
guest.installer_instance.start_install(guest, meter=meter)
File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-
2.1.0/share/virt-manager/virtinst/installer.py", line 415, in
start_install
doboot, transient)
File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-
2.1.0/share/virt-manager/virtinst/installer.py", line 358, in
_create_guest
domain = self.conn.createXML(install_xml or final_xml, 0)
File "/gnu/store/kcdnna2613in9xfm9gxjqvkisdns911v-python-libvirt-
5.5.0/lib/python3.7/site-packages/libvirt.py", line 3840, in createXML
if ret is None:raise libvirtError('virDomainCreateXML() failed',
conn=self)
libvirt.libvirtError: Unable to read from
'/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or
directory

Regards,
RG.
R
R
Raghav Gururajan wrote on 13 Jul 2019 07:17
severity 36634 important
(address . control@debbugs.gnu.org)
fc593336b3edab01805d76d8dcfd70fdf99f91d6.camel@disroot.org
severity 36634 important
E
E
Efraim Flashner wrote on 14 Jul 2019 14:42
Re: bug#36634: Virtual Machine Manager (virt-manager)
(name . Raghav Gururajan)(address . rvgn@disroot.org)(address . 36634@debbugs.gnu.org)
20190714124254.GC22158@macbook41
On Sat, Jul 13, 2019 at 01:06:55AM -0400, Raghav Gururajan wrote:
Toggle quote (38 lines)
> Hello Guix!
>
> Unable to create any VMs by installing from any ISO file.
>
> The virt-manager gives out the following error:
>
> Unable to complete install: 'Unable to read from
> '/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or
> directory'
>
> Traceback (most recent call last):
> File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-
> 2.1.0/share/virt-manager/virtManager/asyncjob.py", line 75, in
> cb_wrapper
> callback(asyncjob, *args, **kwargs)
> File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-
> 2.1.0/share/virt-manager/virtManager/create.py", line 2122, in
> _do_async_install
> guest.installer_instance.start_install(guest, meter=meter)
> File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-
> 2.1.0/share/virt-manager/virtinst/installer.py", line 415, in
> start_install
> doboot, transient)
> File "/gnu/store/r2l62bg0ayh22pkgs0jm9ig8q8n7daql-virt-manager-
> 2.1.0/share/virt-manager/virtinst/installer.py", line 358, in
> _create_guest
> domain = self.conn.createXML(install_xml or final_xml, 0)
> File "/gnu/store/kcdnna2613in9xfm9gxjqvkisdns911v-python-libvirt-
> 5.5.0/lib/python3.7/site-packages/libvirt.py", line 3840, in createXML
> if ret is None:raise libvirtError('virDomainCreateXML() failed',
> conn=self)
> libvirt.libvirtError: Unable to read from
> '/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or
> directory
>
> Regards,
> RG.
>
Checking my machine:
$ ls /sys/fs/cgroup/unified/
cgroup.controllers cgroup.max.depth cgroup.max.descendants cgroup.procs cgroup.stat cgroup.subtree_control cgroup.threads

--
Efraim Flashner <efraim@flashner.co.il> ????? ?????
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEEoov0DD5VE3JmLRT3Qarn3Mo9g1EFAl0rI04ACgkQQarn3Mo9
g1GQaRAAsSzCcIERIAt9Y1KQcQzXlDBe55/cdErT9eC2UpH4twDTWEW413/0FRW/
bugjZEhVPTB5Z2O8MIeGWJY3yoQQGlYQm5UogJlRTOCrgvqjnnUXCRWJ0X6qddcf
BWC29tYTQCstjAPdnTQSZ6evWpEwOuhBG/rFKMeGtoNzDycOxL1kfYawURoqFbVy
BImy30bM8sNlkW1ymSgSK+ZKfcn/p2/sOVkXjI7ukqdzfih1aROhNFF1qYsq0tgA
j7nFeXbOLuMhuz3eiMEu0R69A6pQzf2TxB7Mh4zb5RvohMW96U9XtlQxt8snzuzy
Knc+Urz5FaLhmJ72L2XKmtZ4XEtVRz9c1iURDTX6bjZbn1DZlroGUipj6nofNo4V
XDyFnjvsvphfS666rULZpkk1PE02A/9YWZKd0H76185eRR8V6ZtksrpHwqV1JJuv
s3YDoqZ024V0ySe7ZtSF3NnH5TqWVpSGAw7hBjpau7dvuc0ovw9IkTzn0A3kS5qi
KyfYlzt23fspar4FjfqsmGhf20YepYAFrGCCcgfNWTOK3mowOOWHwRWVd57Vn/CG
XY+1SFS6hajbCBeNHQajQI6sh3wu0WdVgDYi78JAsI7Iuax2f7yZr2t05E7ob/Xz
u83XoR9JpEMfq/9RPABuW/uZb6DinOjOyzphu8H+M0ET6Wn1Gy8=
=PMzh
-----END PGP SIGNATURE-----


R
R
Raghav Gururajan wrote on 14 Jul 2019 23:21
(name . Efraim Flashner)(address . efraim@flashner.co.il)(address . 36634@debbugs.gnu.org)
561b80a4c646b459685298aba7f55348b090069e.camel@disroot.org
Toggle quote (5 lines)
> Checking my machine:
> $ ls /sys/fs/cgroup/unified/
> cgroup.controllers cgroup.max.depth cgroup.max.descendants cgroup.
> procs cgroup.stat cgroup.subtree_control cgroup.threads

I get the same output for `ls /sys/fs/cgroup/unified/`. But as shown in
the error, the virt-manager is searching the directory
"/sys/fs/cgroup/unified/machine" (not "/sys/fs/cgroup/unified/"), which
does not exist. o.O

Regards,
RG.
C
C
Christopher Baines wrote on 21 Jul 2019 19:23
(address . bug-guix@gnu.org)
87sgqze1yq.fsf@cbaines.net
Raghav Gururajan <rvgn@disroot.org> writes:

Toggle quote (4 lines)
> libvirt.libvirtError: Unable to read from
> '/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or
> directory

So, I've experienced this too. Even though this is a cgroup thing, I'm
pretty sure this isn't an issue with Linux.

I've tried reverting the changes in [1], and that seems to solve the
issue. Unfortunately, I don't have any insight in to what's different
between the problematic 5.5.0 release, and the working 5.4.0 release.

1: 458fe419232844d2021608d20dcd8f6e095eb2b4
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl00n41fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XdmXBAAuVBKX/yao9mwUvZs0j4XjFMjccZ2tR7DQSyvBp+/MNG7p3eyIW/kMxT6
vNU4Zp4QTOYWV0TlzXmflxsvwO+zM5PYn4GukGShHWrjtET6OXGCP2BcmmkJavbi
5aHc6FGmPn3c/Yk84IkzJ8BP6DrfNJzc6m9cPyEEmynb4gpNDmiWsGJAMbX0qjgw
q/XKskcnW/IrFBUnpkW+AyJNjFlHRI9A+Rd8BNJZsoo0uXDpB38dfwrFeAyAJMaO
eAs83HviLipERybkSsUh0/VKJOuqWR+X5fdH+/2pdMLwRJNjJbNtUjG8JgCy28Y4
S/GfU4Hlt7qISz448QZJW3u1bvHUe9kEwYAXDC6yxrW40gXJ0S+bg4TDv7lmj/lB
gtdA4g0C6QTTmH4zwPaoE9T9mayGpGSq2W54wRwP+GQKM96n6c0FVDHItlHMUMeN
a7zRat/OcxipBlb3FMidigWl9/pzbHe0r6Mr3/g4/1qXmxlppdXf+UwLleaV7iFo
eYedFEBW8o9m9+li+U8SRG4D9nkWzK4P6vNxQnkVmElzAUo+IKlOOWhU+AgMWpG6
cW3dPnMv3RAPPBOaypeCvmOvKMjg8sANRWJwyIv+pcvzCWnWcl5sxozFMqUCWzVG
S0TiUXW5b6HXjTPOTgj9+GebM8d3ysiKoTNHyVd1e8mUzlfokJ4=
=nFnq
-----END PGP SIGNATURE-----

R
R
Raghav Gururajan wrote on 21 Jul 2019 23:42
(address . 36634@debbugs.gnu.org)
00999c57af938c7946871d8c12c9aabeb28e12af.camel@disroot.org
Toggle quote (4 lines)
> So, I've experienced this too. Even though this is a cgroup thing,
> I'm
> pretty sure this isn't an issue with Linux.

I see.

Toggle quote (4 lines)
> I've tried reverting the changes in [1], and that seems to solve the
> issue. Unfortunately, I don't have any insight in to what's different
> between the problematic 5.5.0 release, and the working 5.4.0 release.

So, by reverting changes, do you mean you patched and made a new
commit?

Thank you!

Regards,
RG.
R
R
Raghav Gururajan wrote on 25 Jul 2019 11:46
ATTENTION REQUIRED
(address . 36634@debbugs.gnu.org)
2427363bc3661f61734c5d908e5fcb0f57ab9ebc.camel@disroot.org
Hello Guix!

I posted the bug on libvirt mail list few days ago (https://www.redhat.
com/archives/libvir-list/2019-July/msg01309.html). It appears the bug
6c24a8efa25c7cf4b099d952eda9bd3).

Could anyone please update the libvirt package/service to this latest
build?

Thank you!

Regards,
RG.
T
T
Tobias Geerinckx-Rice wrote on 25 Jul 2019 21:36
(name . Raghav Gururajan)(address . raghavgururajan@disroot.org)(address . 36634@debbugs.gnu.org)
1564083383.28412.1@submission.tobias.gr
Raghav,

On Thu, Jul 25, 2019 at 11:46 AM, Raghav Gururajan
<raghavgururajan@disroot.org> wrote:
Toggle quote (12 lines)
> Hello Guix!
>
> I posted the bug on libvirt mail list few days ago
> (https://www.redhat.
> com/archives/libvir-list/2019-July/msg01309.html). It appears the bug
> has now been fixed
> (https://github.com/libvirt/libvirt/commit/759bf903a
> 6c24a8efa25c7cf4b099d952eda9bd3).
>
> Could anyone please update the libvirt package/service to this latest
> build?

I will do so swiftly since I updated libvirt to the 'broken' version
(although I never had any troubles like yours). Thank you for
reporting this upstream.



A personal note: I find this new wave of 'ATTENTION REQUIRED' messages
quite the opposite of motivating and pleasant. I'm honestly not sure
what result you expect from them. I fear it may backfire.

You are very welcome to contribute patches yourself! I don't mean
'patches or GTFO', I mean 'please dive in, the water's great'. The
reviewers don't bite. You don't need to be a programmmer; I'm not.

You've been part of our discussions for a while, you obviously care
about Guix and Free software, and particularly about certain Gnome and
'desktop-demographic' packages that are clearly under-maintained or
even missing because we're missing people like you. Learning to create
and maintain them yourself is hardly more work than trying to herd
volunteers like this -- and a hell of a lot more fun.

Kind regards,

T G-R
T
T
Tobias Geerinckx-Rice wrote on 25 Jul 2019 22:01
(name . Raghav Gururajan)(address . raghavgururajan@disroot.org)(address . 36634-done@debbugs.gnu.org)
878sslj33p.fsf@nckx
Tobias Geerinckx-Rice ???
Toggle quote (9 lines)
>> Could anyone please update the libvirt package/service to this
>> latest
>> build?
>
> I will do so swiftly since I updated libvirt to the 'broken'
> version
> (although I never had any troubles like yours). Thank you for
> reporting this upstream.

I have applied ‘your’ patch in
41097b2dee9367974c6dd16ac1ba2ee945457237.

I'm closing this bug for now. However, could you update and
confirm that this actually solves the problem?

Kind regards,

T G-R
-----BEGIN PGP SIGNATURE-----

iHUEARYKAB0WIQT12iAyS4c9C3o4dnINsP+IT1VteQUCXToKigAKCRANsP+IT1Vt
eQT+AQDmK8iNSDoQqPTtqf8FTgN4fnfgGP5uf6K+AzYwpQBjDwD/ZcrCB3lteMft
PXy1fY0NQJ+0V9rhN1KK4loarhkcAgQ=
=cX5V
-----END PGP SIGNATURE-----

Closed
R
R
Raghav Gururajan wrote on 26 Jul 2019 05:47
Re: bug#36634
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 36634@debbugs.gnu.org)
024c3fdf57fa1cc35602868f71c55ebafd288293.camel@disroot.org
Toggle quote (4 lines)
> I will do so swiftly since I updated libvirt to the 'broken' version
> (although I never had any troubles like yours). Thank you for
> reporting this upstream.

About that, it appears I misunderstood the patch. That recent build was
not to fix the bug I reported. Anyway, I have been told by one of the
libvirt maintainers (pavel) that they are working on a fix for the bug
I reported.

So once I come to know about the new patch, I will update you and this
mail list. :)

Toggle quote (6 lines)
> A personal note: I find this new wave of 'ATTENTION REQUIRED'
> messages
> quite the opposite of motivating and pleasant. I'm honestly not
> sure
> what result you expect from them. I fear it may backfire.

Yeah, sorry about that. It was not intentional. I thought that sending
replies directly to `#bug@debbugs.gnu.org` will not use the subject
line, so just went with something top of my head. I will defer to do
this, moving forward. :)

Regards,
RG.
-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEamFiplxUWgy2NgJiorDiYAVcMdsFAl06d7kACgkQorDiYAVc
Mdulfwf/Vg8YY8rZtATFZtzXIM1EGaRwpb8fHvfJmwL5ZVHQuM/J973tGubt/yKr
e8fzAVxM3Ef4iOzGplPF9TWiRUehoeV2UZ9AGQa3AsyWD3YbuRCnIn9y6i3yv03Z
WI4x2xmKdba/OfC3nlLxn0BixL1oKyqkg5fUUYhDCUD7+SzLKMiZNALbBFRV0MtS
npO4Js0fM1tN9w8gv0POJQlwMBvPT0Rq72EWffIYWE3CBZQrtgLyjl99AHMqAd6K
gdtkbZLDk864+bq71iLWsZfSU9lwRdc6FgBHhwiaYyNKpHX5eXGbaK9IR60uEciD
JQY+/6cdcloowAc6c9V5Nb7F8YQlHg==
=vWfp
-----END PGP SIGNATURE-----


R
R
Raghav Gururajan wrote on 26 Jul 2019 05:51
(name . Tobias Geerinckx-Rice)(address . me@tobias.gr)(address . 36634-done@debbugs.gnu.org)
4c27f6501096faf71c51295761413936b11aad73.camel@disroot.org
Toggle quote (6 lines)
> I have applied ‘your’ patch in
> 41097b2dee9367974c6dd16ac1ba2ee945457237.
>
> I'm closing this bug for now. However, could you update and
> confirm that this actually solves the problem?

Oh Shoot! I just saw your previous reply and replied to it. Sorry for
the delay. Anyway that patch fixes something, so good.

You do not have to close the bug. I will update this mail list once I
receive the correct patch. :)

Regards,
RG.
-----BEGIN PGP SIGNATURE-----

iQEzBAABCAAdFiEEamFiplxUWgy2NgJiorDiYAVcMdsFAl06eNUACgkQorDiYAVc
MdvVNQf/cJg27tfIK/PXB912EgDvLZaUIAdSAWJkhrte33dClEh3d/xYpaR3OtYW
BoRgW26paVVJ3yGEteAjR0s/m6WvS0UumxrMU7ZOhT72k4dQnqRFvAiDE5CUCq/T
lkYSNC9yW1xq8w3cUr6/rja3hGNJ00H9eOzwhyDXtnQOCBrmXSihtKVufv2TtZON
yJZ0MDzIwDsOKVR7Owero0ALU8KqXSyZPwj2LEcY82quSiV5I3HOJBrus404oyji
67ZBMlJDolfs07ZR9lUcbHmKaiLFLNB3JKnGLEqEZRoqwGDUG1i+vm2YG13jjVHV
ORNCStIkDXu4/n+bzZgAM6Pi3QtS7A==
=TM3B
-----END PGP SIGNATURE-----


Closed
C
C
Christopher Baines wrote on 8 Sep 2019 20:14
Re: bug#36634: Virtual Machine Manager (virt-manager)
(address . 36634@debbugs.gnu.org)
87lfuyodt7.fsf@cbaines.net
As version 5.7.0 has been released, I tried updating to that. There
seems to be some issue with the configuration for the socket file, but
even avoiding that, it doesn't seem to resolve the issue with the
cgroups.

For now, I've switched more permanently back to 5.4.0.
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEPonu50WOcg2XVOCyXiijOwuE9XcFAl11RRRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDNF
ODlFRUU3NDU4RTcyMEQ5NzU0RTBCMjVFMjhBMzNCMEI4NEY1NzcACgkQXiijOwuE
9XdtnBAAkuqP5ZQGEuDokuXn9GAy0ECfbpBa5k+ooP+fEjgRnBv687j+hkVR8sq4
1JB7Yh+e++lBCKfPmBYPTusMpUDw/9b4kYsrpgXM5gEfHTKyrrJQHf265BoeRT4c
9O9fsbWp2eNobl1MExKMapbB7a8G4XlZshw3j5D8JSmbgTON3U0O7wPbTm2vX7Rq
nR1yj8xvKRFuuwtqM5+t/ZHuXgxRuBqSg+3GGwGLBxT3Xb+ehExPVo/ki8cv9LpY
Ax/grNP0jgB1s8NwHObZYa28VJBcPIo61FBzSDb0xnNiGGC4MDPDg55jafKPQ8R+
vnO6yAwXrmOy/QdCQOOayvl97l5Wb8H6oi2iSdEitwIUZLDFJXT+HwxwAeqiFQMo
SGIO7vXHaRwprH6dIilVo6WRrL/ue5mQwjpBlhbb5ZkZZbZCDSaabKJ/kl7KBeyZ
BngmMp1F5EfXMwqzqWj+iNTzUN9m+TJ6ARNxvJp+uwxGFIK/DeTIozmUnuAiBSTD
mIPVHVn7p3IYjUN0dV4shHCrlgUfuNPQnpzOlqngk9/zCKF2W1ng4UMb5GDej5A8
0VVmVUjOPU9p24ad48gf6DyjrqFTZCw7xZbMnbI3dg/nbV0FAw3aQwE9Y3IJgXK/
XW+fLWNqKXCCzYZLUGyxVNdzkTkRV8zxI4GIqvfmh5+xKatVAHY=
=xx2u
-----END PGP SIGNATURE-----

C
C
Chris Marusich wrote on 23 Sep 2019 06:14
(name . Christopher Baines)(address . mail@cbaines.net)
87wodzir88.fsf@gmail.com
Christopher Baines <mail@cbaines.net> writes:

Toggle quote (16 lines)
> Raghav Gururajan <rvgn@disroot.org> writes:
>
>> libvirt.libvirtError: Unable to read from
>> '/sys/fs/cgroup/unified/machine/cgroup.controllers': No such file or
>> directory
>
> So, I've experienced this too. Even though this is a cgroup thing, I'm
> pretty sure this isn't an issue with Linux.
>
> I've tried reverting the changes in [1], and that seems to solve the
> issue. Unfortunately, I don't have any insight in to what's different
> between the problematic 5.5.0 release, and the working 5.4.0 release.
>
> 1: 458fe419232844d2021608d20dcd8f6e095eb2b4
> https://git.savannah.gnu.org/cgit/guix.git/commit/?id=458fe419232844d2021608d20dcd8f6e095eb2b4

This bug is consistently reproducible. I've found an upstream bug
report that is very similar to what we're seeing here, so I've left a
comment telling the libvirt maintainers that Guix is also seeing a
similar issue:


In the meantime, should we revert to version 5.4.0 in Guix? I'm not
sure if there are any security vulnerabilities between 5.4.0 and the
most recent release, but this bug is currently preventing me from
creating any VMs at all in Guix using virt-manager, which is pretty bad.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl2IRqcACgkQ3UCaFdgi
Rp2TYw/8CO/v9eUxUp21mG6u13IhxOgGv8exq56SqEIOltooiJUUTl5XQYeGPl6P
bvAY/GBWSYIjrE6lwLFEvjoAqz0/I7VjzKPBwIAPkLAQyBVuIbjgMrWp5T0Rz5oI
3KmhgCgFnOGOb21SfUZ+pcLN2nSGViUugs1c/v/oNIeD6QkSPLgrEkklFoBYfbBT
NhaFHEPlUnS7QIZ0Jp/SJHy8sNL9hYwQgu7CXILOx2Jj22061MmQfq1xsPUT5+B4
BpBM0e0cfid8qkEZrC+VS9n/KIoCqLwta1acPueXNHyKxADENo1/5A15TcmZ3Xew
j4j0CKUXfuYzYOymjA2AoLQrtVwHAA1lnRAnJ81S8tZNwnHVQEvFOiemFRkB0xxX
K4kAGOYEjnxhwJSKVl9zx4SCEAnyovTVjYZQ5ryT1YTIpnqtBT3Tqp5klmXMUmUX
E0P352usyLCHkGynA1H+WjWWJZ+opigxIeitPLb0hI/kakVYASD7uhAAKTUw9vC5
ipiJDx/0YMsHzTg/2Nnezvi5nCXlilRRiVuV04goaLk/E4aqloA31CCUDg3rk+0k
OMAsw/G9qcJGXMbD2LEWGoOWA2+gxsL6xjXPTSNSJvMv29iL7t+S6Uzv5heAmWO/
jLYjHkpdpeRTAfIVF/aAVt4D7Wlpnme3+JIQOwbZnJC3ExgqD0Q=
=IcTc
-----END PGP SIGNATURE-----

T
T
Tobias Geerinckx-Rice wrote on 23 Sep 2019 06:30
87y2yf1vop.fsf@nckx
Chrisen,

Chris Marusich ???
Toggle quote (9 lines)
> In the meantime, should we revert to version 5.4.0 in Guix? I'm
> not
> sure if there are any security vulnerabilities between 5.4.0 and
> the
> most recent release, but this bug is currently preventing me
> from
> creating any VMs at all in Guix using virt-manager, which is
> pretty bad.

Yes! (which is why I originally updated this package):

v5.5.0 (2019-07-02)
Security
api: Prevent access to several APIs over read-only
connections
Certain APIs give root-equivalent access to the host,
and as
such should be limited to privileged
users. CVE-2019-10161,
CVE-2019-10166, CVE-2019-10167, CVE-2019-10168.


It might be easy to backport. I didn't try, and I no longer use
libvirt myself.

What's weird (maybe; I haven't kept up with the thread) is that I
used libvirt 5.5.0 (and yes, it was 5.5.0) for a while without
problems. I don't remember whether I created any *new* VMs,
though.

Kind regards,

T G-R
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEfo+u0AlEeO9y5k0W2Imw8BjFSTwFAl2ISlYACgkQ2Imw8BjF
STxbWBAAgH5E9EPOKItqOWmZ0J9TLIro985CmaCqU+UjL5QBHAZeJ9eBcDH+poL8
C60RnzntPSB58XBHDDikKDiYtQVtKW3kWFWiLRFO4c2cuQiuK2xF2Vh7tGbY3lEv
lTDRd3fX6f5QVZv5HT0ObzXC27kcOw3rbSu/KnO0q/KYmJdmAXxLvmRzNruX/dv0
X3/+42tMymWSevs3BiwTNJIUHrIX0IMrVea9DVA1WmVEf5BDQqlHAfH1Z02Y+T7q
OYlTRLhbed/gcx8ccHyDFX4MZBQ0Jcg0qOWRkMAXQE5xUtLWd4xQdY6eatB11DpF
BPqmLeSVfDxzYhyWYZcEvgH/pjHvZMPmSVu8GPs3bcmA2E7z+Xwn7Mf9JDfRrufJ
gugh+FO4pZ0M7egJL0pOZmS6K97J0dkTe3RI5gyZKrBdyxmjyatM4nENAyOp0oST
QTyaEJ+Kpgkd5m7C/smSeUrwYHszqikG5h23QQ6H79MwCIDJzQCitR9DMN6ZNLFF
6Qo6Kqe4Z4ZArX4Q3kZ1mrKWV5/kHzX1MpPVrEXq4kUQzOnYCQ1FUfZU0zdSu31Q
IMX74Kx4c0+xdP0jkbPwp1Kj2vaYfqriqGudmzRpY+7byJegmHdQgrbFrQZjn8ty
qU31pw27s7/Gt7D2BWICK2HgDWsmxf4pG0Ep6fy+C4RDWiIuJbg=
=pZds
-----END PGP SIGNATURE-----

C
C
Chris Marusich wrote on 5 Oct 2019 07:41
(name . Christopher Baines)(address . mail@cbaines.net)
87lftzd9zx.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:

Toggle quote (7 lines)
> This bug is consistently reproducible. I've found an upstream bug
> report that is very similar to what we're seeing here, so I've left a
> comment telling the libvirt maintainers that Guix is also seeing a
> similar issue:
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1751120

Upstream has made a patch, which supposedly fixes the issue on Fedora
systems. However, I applied it to a local checkout of Guix and tested
it, but it didn't fix the issue for me. Perhaps that upstream bug and
this bug are slightly different? Anyway, I've updated the upstream bug
report with information that hopefully will be useful to them. We'll
see how it goes.

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl2YLSMACgkQ3UCaFdgi
Rp0Zyw//TaGq4QqvsyWM5aL+VQSGEGwmBKEAF5Rorz67EaHTu46/1By2vtWgF7Pl
eC9m3CzGdZ6pLVIF5A3GtSjLe5I+VHHJd90u6U+ifQIGTa1dh5ys+H+6T4Frieln
N5HV+wnUMIKhKLUyurvJ7UXXRBT6JiWFKMUJJvgLTLEin3N3mn6+Y52MhOVkwLh4
DYgillqsgLcTXpeuHhgee/2FHjO4gVUX4v07MIT054kNbRUkPNhUaIGigiwbr9fC
zp0zKMfc742E568e9KN8JfLm3SR9XqxWbfcdw0biWDlLZippexGFdREy59zbn8Sc
5j3pEwAI7lQ4VIYKVcu6ygah8cLcPasWR2O+B95wjoORsgmLmQjnrdRY95ERHTcT
4KNZrcQy3OOYhSeNxVXgHLy6icwn9j7GFm8ZwVm2YGlJ0SUddaDzHFwkZFJqmAHN
/UpY8YKugF4mZ26o1/6LTDfRHL4Jx1Oo6Nc4cQRR1W6+xsxKDzFSU+jp545t7VU4
KyBAtvgfAPBsUMCWUbq7tDjyAI5J4OmOZrb/YRma/RYFFPAadRdWjOUl6lCxWidW
aTyR8AeRDyb+ehNYQ2y/8XBxnwkYHbMgcxX4awG88nXQ72dlWjVNgKJoMJ4IjxhD
73OQfKciY4wjBpEI9oXTLqFyWuOZKwQbbcgH/1dfg9tJCCScbB0=
=VNMQ
-----END PGP SIGNATURE-----

C
C
Chris Marusich wrote on 10 Oct 2019 10:55
(name . Christopher Baines)(address . mail@cbaines.net)
87ftk1htdi.fsf@gmail.com
Chris Marusich <cmmarusich@gmail.com> writes:

Toggle quote (3 lines)
> I've updated the upstream bug report with information that hopefully
> will be useful to them. We'll see how it goes.

The original upstream bug report has been closed, but it seems likely it
was for a different issue, since it didn't fix the issue in Guix. At
upstream's recommendation, I've opened a new bug report specifically for
this problem here:


I've given them detailed instructions, and a pre-made Guix VM that
demonstrates the bug, which will hopefully help them investigate. Stay
tuned!

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl2e8gkACgkQ3UCaFdgi
Rp2zqg//b+YU2FXV8J9IZH/6ggfAUvD2dahW/mmCczuCgN+mngSxg9pFed3scNG4
eOEDQDcFrkXXL3IhClgGvvXYIwGpfWvtZeVfZA6WLRvYw0a7uX3C7X0J3LoDONKe
vlc17fOafEZsPtFNcd/3qZhMWMOFl/92p2qvEXxRgRxrgaYhbp/wgll9Y7r6T7jj
OP2oYjD4jl7DVhazO4BR5UxyK5An9jPa3l4EzKk4i0q7hFMUZq9sReNjmuqO8w+o
0J4CzRO+Qont4jp5k1jfvEBU6AinI5mO+CPo4jEy6x44PElHGR2CzsuPtWqQtXhF
1jCsF4U9A2z35vmsc7kvLwbhv2Cd9kZLGuYGGZTVMGXF4gpTJ4SaNuKA5y6bZ6HQ
AgOcLlrhyPW05UsUiS16wEFfnQsfE1n64ozINMPSRa1pN6UkeoZ1oucVPcMPHFgk
PBDKNCQ8PmkLdtyZFYpMZZ2Y6ZOwHbS/eNtJkDSYwfips6ptGLgnMnKm19ZP5mc4
q4ira6I3A82nHnmW529LlFGLYLku1wuFO6eJtwaCiav8cwY05uMkf6KdLWD52Pqq
qf9zKXL1StjUNZHBQompttvCyZGMFtzMiRFPYAhroP43BAJVconH5v29zq06ze5C
py4XfTnASXyECFlKCRITptQcI0aKsZAjy8iGBBaCu1rVzDplwOQ=
=rOrM
-----END PGP SIGNATURE-----

M
M
Miguel Arruga Vivas wrote on 21 Oct 2019 16:46
20191021164629.5a0ae2e0@gmail.com
Hi,

This bug can be easier to fix than we thought. :-D

As a workaround, you only have to execute:

$ sudo mkdir /sys/fs/cgroup/unified/{machine,system,user}

The folders should be created at libvirtd start, probably manually with
some extra cgroup magic that I don't understand yet, but this works
well and new machines can be created. I'll take a look this week into
the libvirtd service if nobody takes it first, as this is quite trivial.

Best regards,
Miguel
M
M
Miguel Arruga Vivas wrote on 27 Oct 2019 10:37
20191027103719.47a9f1ea@gmail.com
Hello again,

The two patches attached create the cgroup directory needed and remove
the warning for the ip binary missing. Still the following errors
are emitted to the log.

--------------------8<-------------------
error : virConnectGetCPUModelNames:1109 : this function is not supported by the connection driver: virConnectGetCPUModelNames
error : virConnectGetAllDomainStats:11705 : this function is not supported by the connection driver: virConnectGetAllDomainStats
error : virCgroupSetValueRaw:473 : Unable to write to '/sys/fs/cgroup/unified/machine/qemu-1-Guix.libvirt-qemu/tasks': No such file or directory
error : virCgroupRemoveRecursively:2383 : Unable to remove /sys/fs/cgroup/unified/machine/qemu-1-Guix.libvirt-qemu/ (16)
-------------------->8-------------------

The last two may indicate there may be lurking another bug in the
cgroups configuration, but at least the machines can be created and
started/stopped seamlessly. What do you think?

Happy hacking!
Miguel
From a5dd055ea0fc20420cca6df2d38302596d397c49 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
<rosen644835@gmail.com>
Date: Sun, 27 Oct 2019 03:56:17 +0100
Subject: [PATCH 1/2] services: libvirtd: Create required control groups.

* gnu/services/virtualization.scm (libvirt-shepherd-service)
[libvirtd-activation]: New shepherd service.
[libvirtd]: Add a requirement of the new service.
---
gnu/services/virtualization.scm | 11 +++++++++++
1 file changed, 11 insertions(+)

Toggle diff (26 lines)
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index bc8ac9b40a..2f26945efd 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -428,8 +428,19 @@ potential infinite waits blocking libvirt."))
(let* ((config-file (libvirt-conf-file config))
(libvirt (libvirt-configuration-libvirt config)))
(list (shepherd-service
+ ;; See https://libvirt.org/cgroups.html#currentLayoutGeneric
+ (documentation "Create the cgroup hierarchy required by libvirt.")
+ (provision '(libvirtd-activation))
+ (requirement '(file-system-/sys/fs/cgroup))
+ (one-shot? #t)
+ (start #~(lambda args
+ (let ((path "/sys/fs/cgroup/unified/machine"))
+ (or (access? path F_OK) (mkdir path)))))
+ (stop #~(lambda args #t)))
+ (shepherd-service
(documentation "Run the libvirt daemon.")
(provision '(libvirtd))
+ (requirement '(libvirtd-activation))
(start #~(make-forkexec-constructor
(list (string-append #$libvirt "/sbin/libvirtd")
"-f" #$config-file)
--
2.23.0
From 24f7c06a47562f410ceb982a3b2a0d44980de392 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Miguel=20=C3=81ngel=20Arruga=20Vivas?=
<rosen644835@gmail.com>
Date: Sun, 27 Oct 2019 03:59:23 +0100
Subject: [PATCH 2/2] services: libvirtd: Provide ip binary at runtime.

* gnu/services/virtualization.scm (libvirt-shepherd-service): Add sbin to
the PATH variable, as ip binary is installed there.
---
gnu/services/virtualization.scm | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

Toggle diff (20 lines)
diff --git a/gnu/services/virtualization.scm b/gnu/services/virtualization.scm
index 2f26945efd..488cd63041 100644
--- a/gnu/services/virtualization.scm
+++ b/gnu/services/virtualization.scm
@@ -444,9 +444,11 @@ potential infinite waits blocking libvirt."))
(start #~(make-forkexec-constructor
(list (string-append #$libvirt "/sbin/libvirtd")
"-f" #$config-file)
+ ;; For finding qemu and ip binaries.
#:environment-variables
- ;; For finding qemu binaries.
- '("PATH=/run/current-system/profile/bin")))
+ (list (string-append
+ "PATH=/run/current-system/profile/bin:"
+ "/run/current-system/profile/sbin"))))
(stop #~(make-kill-destructor))))))
(define libvirt-service-type
--
2.23.0
C
C
Chris Marusich wrote on 7 Nov 2019 09:44
(name . Miguel Arruga Vivas)(address . rosen644835@gmail.com)
87a798xeho.fsf@gmail.com
Hi Miguel,

Miguel Arruga Vivas <rosen644835@gmail.com> writes:

Toggle quote (17 lines)
> Hello again,
>
> The two patches attached create the cgroup directory needed and remove
> the warning for the ip binary missing. Still the following errors
> are emitted to the log.
>
> --------------------8<-------------------
> error : virConnectGetCPUModelNames:1109 : this function is not supported by the connection driver: virConnectGetCPUModelNames
> error : virConnectGetAllDomainStats:11705 : this function is not supported by the connection driver: virConnectGetAllDomainStats
> error : virCgroupSetValueRaw:473 : Unable to write to '/sys/fs/cgroup/unified/machine/qemu-1-Guix.libvirt-qemu/tasks': No such file or directory
> error : virCgroupRemoveRecursively:2383 : Unable to remove /sys/fs/cgroup/unified/machine/qemu-1-Guix.libvirt-qemu/ (16)
> -------------------->8-------------------
>
> The last two may indicate there may be lurking another bug in the
> cgroups configuration, but at least the machines can be created and
> started/stopped seamlessly. What do you think?

With the patch you submitted upstream (not the patches you attached to
your previous email here), I can confirm the issue is fixed for me, and
that I do NOT observe the errors you mentioned above.

I see the patch was incorporated into Guix master in commit
aa1f0896fb15a0bdcc5474839c8afdbb2520d603. That is good, and I think
this issue can be resolved. If nobody follows up in a few days' time,
let's close the bug report.

Regarding your other patch in this thread to find the "ip" program at
run-time, could you open a new bug report or patch (via
guix-patches@gnu.org) for that? It seems unrelated to the issue at
hand.

Thank you for your help,

--
Chris
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAl3D2WMACgkQ3UCaFdgi
Rp02DBAAsXrVEdD6BKwjjIuFQ3U8zlL5mH14OBNyfLel/CD9VvcUAYLikil5FaM7
wOoUu8jAmapb+DG1FO62+aSqXQjELtGn5V9IQe8liF+u5GAVjFHjymmoH2oDV13d
Bw9k7IPKeD9wtC//iImx4VR5+FTRe4LZg1oUryVn6OcEkHrxhMWnLOmHoGsHQHe6
B6qFTcby8lA7iuGkTzeYNiJSmv24IgT6h2OpFFEpEkzf7Gt/a+1IRRylVji4nnlp
0rNt1gtKhNnjORwulTzPzVd7r/38O85umnq0UEti+7l5Ps8ZizNlgqMRC2Z1/LDm
fsdy9acWS/WeIjcwmD2avdhPoidPdnE3TNnUma1aongibApwZd4KWj+H+9dooxOV
PdwMyN3motFM0ZfQCk/ISNkzpFFa2ewdrwAD+dSq/0vjIrC6CI936ILNKm6kZ7lo
1Qi5s8RzJ8Y6oqyJsiGFBFLmS+3HEMJnWtaoM7e6FQQ5AUDFAmEir4WaICZKvb8V
7Lr85XsYLXuT4OO7dYatJJNSM5mmbwvx1gRJz5EIE1GOLlDIG+jswl3oXNIcL1Kc
XzwRY5/k1gSFG97bTsZ0NDpj33Rp+8rbnCYFEtp1/4TExEEMYSz+HvYnyUVtMCBT
g3d9oxZEUmOTA1bFr6XMROCBQluRtG703HY7oU2XhbpZLd8sXtc=
=2ifq
-----END PGP SIGNATURE-----

M
M
Miguel Arruga Vivas wrote on 8 Nov 2019 01:53
(name . Chris Marusich)(address . cmmarusich@gmail.com)
20191108015105.354ef1c4@gmail.com
Hi Chris,

Chris Marusich <cmmarusich@gmail.com> writes:
Toggle quote (4 lines)
> With the patch you submitted upstream (not the patches you attached to
> your previous email here), I can confirm the issue is fixed for me,
> and that I do NOT observe the errors you mentioned above.

Sorry, I did not send the email here.

Toggle quote (5 lines)
> I see the patch was incorporated into Guix master in commit
> aa1f0896fb15a0bdcc5474839c8afdbb2520d603. That is good, and I think
> this issue can be resolved. If nobody follows up in a few days' time,
> let's close the bug report.

I created 38032 on guix-patches and Ludo’ applied them.

Toggle quote (4 lines)
> Regarding your other patch in this thread to find the "ip" program at
> run-time, could you open a new bug report or patch (via
> guix-patches@gnu.org) for that?

It was included in that patchset and it was unrelated, yes. On
master it's commit 2dfb9ba406.

Toggle quote (2 lines)
> It seems unrelated to the issue at hand.

I've been using the patches now on master this week and I have a really
annoying problem: the mouse is drawn on top of the vm screen. This
one is unrelated too, so I should open a new bug, maybe to
virt-manager...

Toggle quote (2 lines)
> Thank you for your help,

Thank you too, as you reported upstream and provided a great test
environment, which will help them to test my solution or find better
ones. :)

Happy hacking!
Miguel
B
B
Brice Waegeneire wrote on 19 Mar 2020 11:06
(no subject)
(address . 36634@debbugs.gnu.org)
76c4a36a5e46a15e32ecdc95d8189182@waegenei.re
Hello,

Toggle quote (8 lines)
> Chris Marusich <cmmarusich@gmail.com> writes:
>> I see the patch was incorporated into Guix master in commit
>> aa1f0896fb15a0bdcc5474839c8afdbb2520d603. That is good, and I think
>> this issue can be resolved. If nobody follows up in a few days' time,
>> let's close the bug report.
>
> I created 38032 on guix-patches and Ludo’ applied them.

Looks like this issue can be closed.
I can't reproduce the bug. Upstream fixed it in libvirt 5.10, so
we'll be able to remove Miguel's patch when we upgrade libvrit.

Brice.
B
?