Page 1 of 1
VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 7:41 am
by gilblais
QEMU VM cannot access qcow2 storage with my user as owner. Have tried many chown/chmod combinations, but my lack of Debian expertise prevents success. Any help is well appreciated,
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 10:17 am
by Senpai
gilblais wrote: Tue Apr 22, 2025 7:41 am
QEMU VM cannot access qcow2 storage with my user as owner. Have tried many chown/chmod combinations, but my lack of Debian expertise prevents success. Any help is well appreciated,
Hi:
Something similar happened to me when accessing from a laptop to the external drive where I have the VMs, try to give your user permission on the folder "/media/gil", I solved it like this:
Code: Select all
sudo chown -R youruser:yourgroup /media/foldername
You can also do it from Thunar as administrator in the properties of that folder and change the permissions to everything under...
Best regards
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 12:58 pm
by gilblais
The SSD-980 is an NTFS file system if that makes a difference.
Here are the associated system details:
Error starting domain: Cannot access storage file '/media/gil/SSD-980/VM-QCOWS/MX-23.5' (as uid:64055, gid:64055): Permission denied
Traceback (most recent call last):
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb
callback(*args, **kwargs)
File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
ret = fn(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/share/virt-manager/virtManager/object/domain.py", line 1402, in startup
self._backend.create()
File "/usr/lib/python3/dist-packages/libvirt.py", line 1373, in create
raise libvirtError('virDomainCreate() failed')
libvirt.libvirtError: Cannot access storage file '/media/gil/SSD-980/VM-QCOWS/MX-23.5' (as uid:64055, gid:64055): Permission denied
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 1:05 pm
by gilblais
Also - system cannot change permissions - see attached.
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 1:38 pm
by timkb4cq
Not an expert in this but I have read that qemu VMs cannot open a filesystem mounted outside of their working directory.
Try using disk-manager to mount the drive with the qcow file inside the VM working directory instead of under /media
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 1:40 pm
by fehlix
gilblais wrote: Tue Apr 22, 2025 12:58 pm
libvirt.libvirtError: Cannot access storage file '/media/gil/SSD-980/VM-QCOWS/MX-23.5' (as uid:64055, gid:64055): Permission denied
Suggest mount with disk-manager under /mnt instead of manually under /media:
like this mount point:
B/c: /media/usernam mount performed by udisks, will set "ACL" "Access Control List" restrictions:
In your case the acl may look like this:
Code: Select all
getfacl /media/gil/
# file: media/gil
# owner: root
# group: root
user::rwx
user:gil:r-x
group::---
mask::r-x
other::---
which is: the directory is owned by root, but through ACL given
permissions to the user "gil", where "other" indicates no-access for other usera like "qemu".
And ACL can't be changed with chmod.
Hence suggest use another mount point, handled not by udisks.
Also ntfs3 vs ntfs-3g might be relevant, depending and kernel you are using.
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 3:04 pm
by gilblais
Here is what I get:
$ getfacl media/gil
getfacl: media/gil: No such file or directory
gil@mx:~
$ getfacl /media/gil/
getfacl: Removing leading '/' from absolute path names
# file: media/gil/
# owner: root
# group: root
user::rwx
user:gil:r-x
group::---
mask::r-x
other::---
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 3:45 pm
by gilblais
Attached is my system info file
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 4:17 pm
by fehlix
gilblais wrote: Tue Apr 22, 2025 3:04 pm
Here is what I get:
$ getfacl media/gil
getfacl: media/gil: No such file or directory
gil@mx:~
$ getfacl /media/gil/
getfacl: Removing leading '/' from absolute path names
# file: media/gil/
# owner: root
# group: root
user::rwx
user:gil:r-x
group::---
mask::r-x
other::---
Yes. "
other::---" Hence the advice given to mount under /mnt/SSD-980/ using
disk-mangager
( on cli/terminal command line use
disk-manager-launcher ).
Open disk-manager, First unmount the existing mount, click Edit, navigate to /mnt and create a new directory "SSD-980"
under /mnt. and select SSD-980. but keep gvfs-show mountoption ( so it will be visible in Thunar.)
This mount will also default to use ntfs-3g, which is known to be more stable and robust compared to the fairly new "ntfs3".
In case you don't have the external drive permanently connected, add
nofail mount options to the exiting ones, this might help systemd not to complain or wait when it can't find the external drive.
and otionally add also "noauto" as it will no mounted with boot, but can be mount with one click in Thunar.
OK, disk-manager would default to mount under /media, which was chosen as a compromise,
but carries a potential conflict, in case a partition would have the same label as a username. So, I personally
do recommend get out of the conflict and use a new directory under /mnt.
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 4:21 pm
by DukeComposed
gilblais wrote: Tue Apr 22, 2025 12:58 pm
The SSD-980 is an NTFS file system if that makes a difference.
Here are the associated system details:
Error starting domain: Cannot access storage file '/media/gil/SSD-980/VM-QCOWS/MX-23.5' (as uid:64055, gid:64055): Permission denied
The UID and GID of 64055 are unusual. Typically if you're running MX as an unpriviledged user its UID will by 1000, or close to 1000.
If I were in this situation, I'd check that I have read and/or write permissions to each part of the path:
Code: Select all
$ whoami
demo
$ id demo
uid=1000(demo) gid=1000(demo) groups=1000(demo)
Code: Select all
ls -la / | grep media
ls -la /media | grep gil
ls -la /media/gil | grep SSD-980
And so on. It's OK if the ownership is root, but the mode of each directory needs to be 0755 in order to get to the contents within it. If I have a directory that's owned by UID:GID 64055:64055 and my UID:GID is 1000:1000, I can still read it if the permissions grant
read access to everyone.
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 4:27 pm
by fehlix
DukeComposed wrote: Tue Apr 22, 2025 4:21 pm
gilblais wrote: Tue Apr 22, 2025 12:58 pm
The SSD-980 is an NTFS file system if that makes a difference.
Here are the associated system details:
Error starting domain: Cannot access storage file '/media/gil/SSD-980/VM-QCOWS/MX-23.5' (as uid:64055, gid:64055): Permission denied
The UID and GID of 64055 are unusual. Typically if you're running MX as an unpriviledged user its UID will by 1000, or close to 1000.
That's Qemu process and userid, which needs to access the offered qcow2 img, which it can't due to restrictions to the user only access under the media path.
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 4:38 pm
by DukeComposed
fehlix wrote: Tue Apr 22, 2025 4:27 pm
That's Qemu process and userid, which needs to access the offered qcow2 img, which it can't due to restrictions to the user only access under the media path.
I checked another machine where I have QEMU running first and the UID didn't show up in a quick search of /etc/passwd. Granted that other system isn't an MX host, so while I expected it might be QEMU-specific, the basic advice of "check the permissions of the path" still holds.
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 5:00 pm
by fehlix
DukeComposed wrote: Tue Apr 22, 2025 4:38 pm
fehlix wrote: Tue Apr 22, 2025 4:27 pm
That's Qemu process and userid, which needs to access the offered qcow2 img, which it can't due to restrictions to the user only access under the media path.
I checked another machine where I have QEMU running first and the UID didn't show up in a quick search of /etc/passwd. Granted that other system isn't an MX host, so while I expected it might be QEMU-specific, the basic advice of "check the permissions of the path" still holds.
Probably one of those temporary userid's used by virtmanager/libvirt based VM's. Not sure wehter or not it is systemd specific.
I do use also Qemu, but rather self-managed without any additional helper daemons. just a plain, but very long command line,
starting with
Code: Select all
qemu-system-x86_64 -enable-kvm -name ...
where all is running as user, without any addtional daemons. so I don't have such issues.
Re: VM cannot access qcow2 file
Posted: Tue Apr 22, 2025 7:02 pm
by fehlix
OK, that userid/groupid 64055 is actualy libvirt, libvirt-qemu user/group create when installing
libvirt-daemon-system.
So, the suggestion would be using disk-manager(-launcher) and adjust mount options to be thoss for the NTFS external drive:
Code: Select all
defaults,noatime,uid=1000,gid=64055,dmask=0002,fmask=0113,utf8,x-gvfs-show,nofail
optionally add "noauto" incase mount at boot is not needed and install mount with click in Thunar would be good enough.
Which would grant libvirrt-qemu read-write access to the ntfs-3g mounted drive in order
to attach the qcow2 drive to a VM, and still keep user uid=1000 as default for read write access.
Chaning permssion and the /media/username/ path may be possible, but as the drive a a external usb-connected drive,
next boot the pemission changed might be gone and will be back to udisk-help used default permssions.
Re: VM cannot access qcow2 file
Posted: Sun Apr 27, 2025 7:01 pm
by gilblais
I now have converted it to /mnt/SSD-980 and I can run my VM. Good job and thank you.
However, when the VM is active, Thunar on the VM doesn’t show any SSD-980 contents, yet I have full rwx access on my Host machine. See Attachment.
I would like to have rwx access within the VM also.
Below shows terminal results from the VM
gil@mx:~
$ getfacl /mnt/SSD-980
getfacl: Removing leading '/' from absolute path names
# file: mnt/SSD-980
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
gil@mx:~
$ cat /etc/passwd | grep -i gil
gil
1000
:/home/gil:/bin/bash
gil@mx:~
Re: VM cannot access qcow2 file
Posted: Sun Apr 27, 2025 9:00 pm
by fehlix
gilblais wrote: Sun Apr 27, 2025 7:01 pm
I now have converted it to /mnt/SSD-980 and I can run my VM. Good job and thank you.
However, when the VM is active, Thunar on the VM doesn’t show any SSD-980 contents, yet I have full rwx access on my Host machine. See Attachment.
I would like to have rwx access within the VM also.
Below shows terminal results from the VM
gil@mx:~
$ getfacl /mnt/SSD-980
getfacl: Removing leading '/' from absolute path names
# file: mnt/SSD-980
# owner: root
# group: root
user::rwx
group::r-x
other::r-x
gil@mx:~
$ cat /etc/passwd | grep -i gil
gil
1000
:/home/gil:/bin/bash
gil@mx:~
Appears to me like an empty mount point. Are you sure the drive is mounted and attached. Maybe show the fstab, In case reboot with attached drive.
Re: VM cannot access qcow2 file
Posted: Mon Apr 28, 2025 1:15 am
by Eadwine Rose
Please post code like this: [code]code output here[/code]
Or you can select the code and tick the </> button (it's next to the quote)
Thanks.
Re: VM cannot access qcow2 file
Posted: Mon Apr 28, 2025 3:25 am
by gilblais
My VM QCOW2 file lives at /mnt/SSD-980/VM-QCOWS/ as DEBIAN.qcow2 so the SSD-980 seems to be mounted.
Here is the lsblk for it on the Host machine:
lsblk /dev/sdb1
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
sdb1 8:17 0 931.5G 0 part /mnt/SSD-980
Here is the lsblk n the VM machine ??
root@mx:~# lsblk /dev/sdb1
lsblk: /dev/sdb1: not a block device
root@mx:~# lsblk UUID=41A5899E5D57CA79
lsblk: UUID=41A5899E5D57CA79: not a block device
Attached find Host and VM fstab files. Note that when I added line 8 to the VM fstab file, the system locked up on boot and forced me to use sed to comment line 8 out, reboot and now it runs again w/o me able to access the SSD-980.
Re: VM cannot access qcow2 file
Posted: Mon Apr 28, 2025 5:44 am
by fehlix
gilblais wrote: Mon Apr 28, 2025 3:25 am
Attached find Host and VM fstab files. Note that when I added line 8 to the VM fstab file, the system locked up on boot and forced me to use sed to comment line 8 out, reboot and now it runs again w/o me able to access the SSD-980.
Host partions/drives/disks are not availabe /seen from within the VM-guest.
Access to partitions on the host from within a VM is done through drivers like virtiofs (or older "9p") driver, which can be setup with help of virt-manager.
You may look for "shared folder" or similar "wording" to add a partition (path on a partition) within virt-manager so they can be mounted with help of this drivers from within the guest.
1000
:/home/gil:/bin/bash