So I did some testing and removed the “all_squash,anonuid=36,anongid=36”, set all the image directories to 0755, added libvirt to the kvm
group, then rebooted.
After doing so, sanlock had no access to the directories and neither did libvirt. Leaving everything else alone, I changed the perms to
0760, sanlock no longer complained, but libvirtd still complained about file permissions.
Next test was to change the file perms to 770 and I got the same error with libvirtd.
I have not done any Linux work for quite a while so please correct me, but if I do a “ps aux | grep libvirt” I see the libvirtd process running
as root. Does the libvirt user get invoked only when a script is running? If the daemon is only running as root, then would it not be trying to access storage as root at this point?
This is my ps list:
root 2898 0.1 0.0 1553860 28580 ? Ssl 14:45 0:01 /usr/sbin/libvirtd --listen
Here is what I see in the audit log:
type=VIRT_CONTROL msg=audit(1576336098.295:451): pid=2898 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023
msg='virt=kvm op=start reason=booted vm="HostedEngine" uuid=70679ece-fbe9-4402-b9b0-34bbee9b6e69 vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed