Project

General

Profile

Bug #11411

Vagrant build doc should tell what filesystem permissions must be granted to the libvirt-qemu user

Added by intrigeri over 1 year ago. Updated 3 months ago.

Status:
Confirmed
Priority:
Normal
Assignee:
Category:
Build system
Target version:
-
Start date:
05/11/2016
Due date:
% Done:

0%

QA Check:
Feature Branch:
Type of work:
Contributors documentation
Blueprint:
Easy:
Affected tool:

Description

Call to virDomainCreateWithFlags failed: internal error: early end of file from monitor, possible problem: 2016-05-11T12:12:00.380129Z qemu-system-x86_64: -device virtio-9p-pci,id=fs0,fsdev=fsdev-fs0,mount_tag=9aaa2faa29f5edaf04deda5b7a3c0bd,bus=pci.2,addr=0x3: Virtio-9p Failed to initialize fs-driver with id:fsdev-fs0 and export path:/home/intrigeri/tails/git/vagrant

To make QEMU start, I had to use setfacl to give the libvirt-qemu "x" access to the directory hierarchy up to, and including, vagrant. Then, to make provisioning work, I had to recursively give read access to .git, and to vagrant/provision/assets. And finally, for the build process to start, I had to recursively do o+rx on .git (because the build process is run as the vagrant user, whose uid doesn't match mine). And now I have a build running! :)

I think that one shouldn't have to go through this guessing+retrying process, just because they set strict permissions to the path to their Tails Git tree (not even mentioning using a strict umask), so something about this should be documented. We can go crazy and simply require some superset of what we really need, in order to simplify the doc (if we go into more details, I suspect it'll bitrot).

I don't know if that's a regressions vs. the previous Vagrant setup, so not setting target version. If it's a regression, it would be nice if it was fixed for 2.5 to the latest.

In passing: perhaps using a different synced folder provider (e.g. the rsync one) would simplify this a lot?


Related issues

Related to Tails - Bug #12081: Fresh vagrant-libvirt setup has broken synced folders Resolved 12/25/2016

Associated revisions

Revision 48598b8f (diff)
Added by intrigeri 9 months ago

Vagrant build doc: point to the ticket about missing permissions doc (refs: #11411).

History

#1 Updated by intrigeri over 1 year ago

(In passing: once this problem is addressed, maybe it would be nice to send an announce to tails-dev@ to encourage more people to do the switch. I'll happily convey my good feelings about the whole thing there :)

#2 Updated by intrigeri 11 months ago

  • Related to Bug #12081: Fresh vagrant-libvirt setup has broken synced folders added

#3 Updated by intrigeri 9 months ago

intrigeri wrote:

To make QEMU start, I had to use setfacl to give the libvirt-qemu "x" access to the directory hierarchy up to, and including, vagrant. Then, to make provisioning work, I had to recursively give read access to .git, and to vagrant/provision/assets.

That's not enough anymore on my sid: after another round of debugging, I had to give libvirt-qemu "r" access to the vagrant directory (which now has this ACL: user:libvirt-qemu:r-x).

#4 Updated by intrigeri 9 months ago

As a temporary stopgap measure I've pointed to this ticket from the build doc. My commit shall be reverted once we have better documentation about this problem.

#5 Updated by intrigeri 8 months ago

When trying to build wip/11972-use-vagrant-in-jenkins I also had to give read access to libvirt-qemu on the root of my Git working copy.

#6 Updated by anonym 5 months ago

#7 Updated by anonym 5 months ago

  • Target version set to Tails_3.2

#8 Updated by intrigeri 3 months ago

  • Parent task deleted (#7526)

(1.5 years later, let's close #7526 and handle this one separately.)

#9 Updated by intrigeri 3 months ago

  • Target version deleted (Tails_3.2)

I can't recall anyone reporting problems with that recently, possibly because the setup doc now points to this very ticket. So my understanding is that the current situation is not nice, but the ugly workaround I put in place 6 months ago seems to work => dropping target version.

#10 Updated by intrigeri 3 months ago

Also available in: Atom PDF