#StackBounty: #bash #permissions #kvm #qemu #libvirt Clean way of running virt-install with an iso file that's in your home directo…

Bounty: 50

I have a script that automatically creates and runs a VM. That script is used by many people. You basically call the script giving it some information like what PCI or USB devices you want to pass through and which iso to use to install the OS and then the script runs sudo qemu-system-x86_64 with the appropriate parameters.

So if you break it down, you could currently call my script like this:

./create-vm.sh /home/me/os-images/windows10.iso

And this works fine.

But now I want to take it a step further and use sudo virt-install ... instead of sudo qemu-system-x86_64 ... and that is causing major issues because with virt-install it can’t access the iso file anymore. Presumably because it drops its root privileges and uses the qemu user even if I run it with sudo…

So now I have to make a difficult decision:

  • Do I move the iso file to /var/lib/libvirt/images? (No because the user might need that file in the exact location where it is right now.)
  • Do I copy the iso to /var/lib/libvirt/images? (No because the user might not have enough disk space and it just seems like a waste of resources.)
  • Do I set user = root or user = me in /etc/libvirt/qemu.conf? (No, because that is a global setting that might mess up other qemu stuff the user is doing. – I have tried it though and it causes libvirtd.service to crash.)
  • Do I add the group of the iso file to the qemu user? (No, because that could have unwanted side effects, potentially giving qemu more access in situations where the user wouldn’t want it. – Nevertheless, I’ve tried it and it didn’t work, presumably some SElinux magic is blocking it…)
  • Do I change the owner of the iso file to qemu? (No, because that might have unwanted side effects. – Besides that, when I try it I still get permission denied errors, probably because of SElinux.)
  • Do I mount the iso and make the mountpoint available to the qemu user? (No, because iso files can be very complex and some data will not be available in the mountpoint.)
  • Do I mount the folder containing the iso? (No because the iso file would still have the same owner/group.)

I just can’t seem to find a good solution. What am I supposed to do now? I really need some of the functionality that virt-install offers over qemu-system-x86_64.

Note: In reality there is not just one iso image, but also a floppy image, some other iso files containing drivers and an ACPI table file. I get permission errors for all of these files from virt-install.

Get this bounty!!!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.