So I did some testing and removed the “all_squash,anonuid=36,anongid=36”, set all the image directories to 0755, added libvirt to the kvm group, then rebooted.

After doing so, sanlock had no access to the directories and neither did libvirt. Leaving everything else alone, I changed the perms to 0760, sanlock no longer complained, but libvirtd still complained about file permissions.

Next test was to change the file perms to 770 and I got the same error with libvirtd.

I have not done any Linux work for quite a while so please correct me, but if I do a “ps aux | grep libvirt” I see the libvirtd process running as root. Does the libvirt user get invoked only when a script is running? If the daemon is only running as root, then would it not be trying to access storage as root at this point?

 

This is my ps list:

root      2898  0.1  0.0 1553860 28580 ?       Ssl  14:45   0:01 /usr/sbin/libvirtd --listen

Here is what I see in the audit log:

 

type=VIRT_CONTROL msg=audit(1576336098.295:451): pid=2898 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 msg='virt=kvm op=start reason=booted vm="HostedEngine" uuid=70679ece-fbe9-4402-b9b0-34bbee9b6e69 vm-pid=-1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed