After upgrading to libvirt-9.6.0 I noticed that I can no longer start my VM with my PCI wifi adapter given to it. The diag was about not being authorized to open /dev/vfio/vfio. When I examined the permissions on /dev/vfio/vfio I saw:
    PF16W6Y2 ~ # ls -l /dev/vfio/vfio
    crw------- 1 root root 10, 196 авг 3 08:34 /dev/vfio/vfio
Naturally, chgrp qemu /dev/vfio/vfio && chmod g+rw /dev/vfio/vfio gave me the desired result immediately. I've searched through the udev directories and found that the only udev rule for vfio is:
    PF16W6Y2 /etc/udev/rules.d # grep -r vfio /usr/lib/udev/rules.d/ /run/udev/ /etc/udev/
    /usr/lib/udev/rules.d/50-udev-default.rules:KERNEL=="vfio", MODE="0666", OPTIONS+="static_node=vfio/vfio"
Apparently, when /dev/vfio/vfio is supposed to be world-read/writable, I should have no problems. I wonder who/what may have changed the perms...
... https://github.com/systemd/systemd/issues/28653, maybe?
Interesting. This is qemu:///system URI, I assume. In that case, by default, libvirt would create a private /dev (see namespaces in /etc/libvirt/qemu.conf) and inside it, /dev/vfio/vfio; but it assumes the correct seclabel is set. IOW, libvirt should not change ownership of the /dev/vfio/vfio file. You can see if it's udev by manually attaching the PCI device to vfio, e.g. like this:
    virsh nodedev-detach pci_XXX....
If /dev/vfio/vfio ownership changes after this step then it's udev. Or if you want to take libvirt out of the picture completely, you can:
    echo vfio-pci > /sys/bus/pci/devices/$PCI_ADDRESS/driver_override
    echo $PCI_ADDRESS > /sys/bus/pci/drivers_probe
This is essentially what libvirt does under the hood anyways. BTW: I don't have that udev rule file, but I'm running openrc. Is this systemd?
Yep, looks like systemd issue: https://github.com/yuwata/systemd/commit/33b91308c26ca5d512e43b6b32d596a2c9237d04 (follow links in the commit message). Thanks Sam for pointing us in the right direction!
I'll backport the fix.
The bug has been closed via the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=939a1468f8957a670026888a01d4601a00f17142
commit 939a1468f8957a670026888a01d4601a00f17142
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-08-05 23:06:46 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-08-05 23:06:54 +0000
    sys-apps/systemd: backport tmpfiles/udev permissions race fix
    Closes: https://bugs.gentoo.org/911723
    Signed-off-by: Sam James <sam@gentoo.org>
 .../systemd/files/systemd-254-tmpfiles-udev.patch | 88 ++++
 sys-apps/systemd/systemd-254-r2.ebuild | 528 +++++++++++++++++++++
 2 files changed, 616 insertions(+)
systemd-254-r2 didn't fix this for me... I still have to manually modify the perms on /dev/vfio/vfio
https://github.com/systemd/systemd/pull/28681#issuecomment-1666949888
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f5eda40dae56a34f3d44e3973e88aafbabc97998
commit f5eda40dae56a34f3d44e3973e88aafbabc97998
Author: Sam James <sam@gentoo.org>
AuthorDate: 2023-08-09 21:05:44 +0000
Commit: Sam James <sam@gentoo.org>
CommitDate: 2023-08-09 21:05:44 +0000
    sys-apps/systemd: add 254.1
    Bug: https://bugs.gentoo.org/911723
    Signed-off-by: Sam James <sam@gentoo.org>
 sys-apps/systemd/Manifest | 1 +
 sys-apps/systemd/systemd-254.1.ebuild | 525 ++++++++++++++++++++++++++++++++++
 2 files changed, 526 insertions(+)
systemd-254.1: I've got a similar problem, but with /dev/rfkill. After boot it has permissions 600 (defined in /run/tmpfiles.d/static-nodes.conf):
    $ cat /run/tmpfiles.d/static-nodes.conf
    c! /dev/ppp 0600 - - - 108:0
    d /dev/snd 0755 - - -
    c! /dev/snd/timer 0600 - - - 116:33
    d /dev/snd 0755 - - -
    c! /dev/snd/seq 0600 - - - 116:1
    c! /dev/rfkill 0600 - - - 10:242
After
    # udevadm test /dev/rfkill
udev sets permissions to the proper value of 644, as defined in /lib/udev/rules.d/50-udev-default.rules:101
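Added example, not part of any comment in this thread: a small check that lists device nodes whose mode in a tmpfiles.d static-nodes file differs from the MODE a udev rule assigns, which are the nodes left with the wrong permissions when udev's setting does not win. The sample inputs are constructed from the lines quoted above (the rfkill rule text and the vfio static-nodes line are assumptions), and rule matching is simplified to an exact static_node match or a KERNEL glob on the node's basename.

```python
import fnmatch
import re

# Constructed sample inputs, modelled on the lines quoted in this thread.
STATIC_NODES = """\
d /dev/snd 0755 - - -
c! /dev/snd/timer 0600 - - - 116:33
c! /dev/rfkill 0600 - - - 10:242
c! /dev/vfio/vfio 0600 - - - 10:196
"""
UDEV_RULES = """\
KERNEL=="vfio", MODE="0666", OPTIONS+="static_node=vfio/vfio"
KERNEL=="rfkill", MODE="0644"
"""

def parse_static_nodes(text):
    """Map device path -> mode for the c/b (device node) lines of a tmpfiles.d file."""
    nodes = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0][0] in "cb":
            nodes[fields[1]] = int(fields[2], 8)
    return nodes

def parse_udev_modes(text):
    """Return (KERNEL pattern, mode, static_node or None) for each rule with a MODE."""
    rules = []
    for line in text.splitlines():
        kernel = re.search(r'KERNEL=="([^"]+)"', line)
        mode = re.search(r'MODE="([0-7]+)"', line)
        if kernel and mode and not line.lstrip().startswith("#"):
            static = re.search(r'static_node=([^"\s,]+)', line)
            rules.append((kernel.group(1), int(mode.group(1), 8), static and static.group(1)))
    return rules

def find_mismatches(nodes, rules):
    """List (path, tmpfiles mode, udev mode) where the two sources disagree."""
    out = []
    for path, tmp_mode in sorted(nodes.items()):
        rel = path[len("/dev/"):]
        for pattern, udev_mode, static in rules:
            hit = (static == rel) if static else fnmatch.fnmatchcase(
                rel.rsplit("/", 1)[-1], pattern)
            if hit and udev_mode != tmp_mode:
                out.append((path, f"{tmp_mode:04o}", f"{udev_mode:04o}"))
    return out

if __name__ == "__main__":
    print(find_mismatches(parse_static_nodes(STATIC_NODES), parse_udev_modes(UDEV_RULES)))
```

On a live system, feed it the contents of /run/tmpfiles.d/static-nodes.conf and the rules files, then compare each reported node against `ls -l` to see which setting actually took effect.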
I have linked several PRs from upstream. Rather than attempting to backport the changes, I'm waiting for a new stable release.
I just checked git version (systemd-9999) - works fine for me.
The bug has been closed via the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2dcfd6ce1952b2c37fefd04fe11cfbb1ef8ebe41
commit 2dcfd6ce1952b2c37fefd04fe11cfbb1ef8ebe41
Author: Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2023-08-17 01:07:13 +0000
Commit: Mike Gilbert <floppym@gentoo.org>
CommitDate: 2023-08-17 01:07:13 +0000
    sys-apps/systemd: backport tmpfiles/udev fix
    Closes: https://bugs.gentoo.org/911723
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>
 .../systemd-254.1-tmpfiles-setup-dev-early.patch | 252 +++++++++++++++++++++
 ...ystemd-254.1.ebuild => systemd-254.1-r1.ebuild} | 1 +
 2 files changed, 253 insertions(+)