#563502 libvirt-bin: cannot use "-usbdevice host:auto:*.*:XXXX:YYYY" since libcap-ng is used

Package:
libvirt-bin
Source:
libvirt
Submitter:
Vincent Danjean
Date:
2023-04-17 15:57:43 UTC
Severity:
normal
Tags:
#563502#5
Date:
2010-01-03 13:33:11 UTC
From:
To:
  Hi,

  Since 0.7.2-4 (ie since the use of libcap-ng), my kvm/qemu virtual machine
cannot access USB devices declared with "-usbdevice host:auto:*.*:XXXX:YYYY"
I suspect this is due to a problem with permissions.
  I use this syntax "host:auto:*.*:XXXX:YYYY" so that the VM can handle
(dis)connection of my USB printer (not always switched on). Of course,
to get this argument, I use a wrapper for qemu-kvm in my config file
(ie <emulator>/usr/local/bin/qemu-kvm</emulator> and
/usr/local/bin/qemu-kvm is:
exec /usr/bin/kvm `echo $* | sed 's|-usbdevice host:\([^ ]*\)|-usbdevice host:auto:*.*:\1|g'`
)
  When libcap-ng is used, I can see in /var/log/libvirt/qemu/<vm>.log some
lines such as:
husb: open device 1.4
/dev/bus/usb/001/004: Permission denied
and my VM (ie the linux kernel in my VM) does not see any event when I
(dis)connect my USB printer.
  With 0.7.2-3, it works perfectly: the linux kernel in the VM log and handle
(dis)connect USB event when I switch on/off my printer.

  I hope this bug will be corrected (or a workaround will be found to disabled
the effect of libcap-ng) before the package migrate to testing because in my
use case, I cannot use it at all.

  Regards,
    Vincent
#563502#10
Date:
2010-01-03 19:16:53 UTC
From:
To:
severity 563502 normal
tag 563502 help

Hi Vincent,
thanks for checking the experimental version!
That's bad.
The use of emulators isn't really supported so this is supposed to break
sooner or later - even more since we're now also running kvm as
non-root, see below.
We should really look into fixing this upstream by making the wrapper
superflous - help on this would be appreciated:
https://bugzilla.redhat.com/show_bug.cgi?id=508645
Cheers,
 -- Guido
#563502#21
Date:
2010-01-04 08:47:50 UTC
From:
To:
Hi Vincent,
Could you check if adding manually adding a udev rule as described in
the above report solves your problem. The permissions of the device node
should be libvirt-qemu:kvm.
Cheers,
 -- Guido
#563502#26
Date:
2010-01-13 21:48:56 UTC
From:
To:
   Hi,

   Sorry for the delay. I just tested this evening the workaround you
suggest. And I can confirm that, indeed, adding a udev rules to change
to ownership of the usb device file is enough for qemu lauched by
libvirt to work.
   I manually added the rule for my USB printer. I do not know how this
can be made generic. But at least, I can now use the latest qemu
package for my VM.

   Regards,
     Vincent
#563502#31
Date:
2010-01-13 22:11:52 UTC
From:
To:
Glad it works. Thanks for checking! I'm currently checking with upstream
on howto best fix this.
Cheers,
 -- Guido
#563502#36
Date:
2010-01-13 23:20:06 UTC
From:
To:
We believe that the bug you reported is fixed in the latest version of
libvirt, which is due to be installed in the Debian FTP archive:

libvirt-bin_0.7.5-4_i386.deb
  to main/libv/libvirt/libvirt-bin_0.7.5-4_i386.deb
libvirt-dev_0.7.5-4_i386.deb
  to main/libv/libvirt/libvirt-dev_0.7.5-4_i386.deb
libvirt-doc_0.7.5-4_all.deb
  to main/libv/libvirt/libvirt-doc_0.7.5-4_all.deb
libvirt0-dbg_0.7.5-4_i386.deb
  to main/libv/libvirt/libvirt0-dbg_0.7.5-4_i386.deb
libvirt0_0.7.5-4_i386.deb
  to main/libv/libvirt/libvirt0_0.7.5-4_i386.deb
libvirt_0.7.5-4.diff.gz
  to main/libv/libvirt/libvirt_0.7.5-4.diff.gz
libvirt_0.7.5-4.dsc
  to main/libv/libvirt/libvirt_0.7.5-4.dsc
python-libvirt_0.7.5-4_i386.deb
  to main/libv/libvirt/python-libvirt_0.7.5-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 563502@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guido Günther <agx@sigxcpu.org> (supplier of updated libvirt package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.8
Date: Wed, 13 Jan 2010 23:57:26 +0100
Source: libvirt
Binary: libvirt-bin libvirt0 libvirt0-dbg libvirt-doc libvirt-dev python-libvirt
Architecture: source all i386
Version: 0.7.5-4
Distribution: unstable
Urgency: low
Maintainer: Debian Libvirt Maintainers <pkg-libvirt-maintainers@lists.alioth.debian.org>
Changed-By: Guido Günther <agx@sigxcpu.org>
Description:
 libvirt-bin - the programs for the libvirt library
 libvirt-dev - development files for the libvirt library
 libvirt-doc - documentation for the libvirt library
 libvirt0   - library for interfacing with different virtualization systems
 libvirt0-dbg - library for interfacing with different virtualization systems
 python-libvirt - libvirt Python bindings
Closes: 563502 564909
Changes:
 libvirt (0.7.5-4) unstable; urgency=low
 .
   * [18520c0] Same description of supported virt techs in all binary packages
     (Closes: #564909) - thanks to Loïc Minier
   * [49c357c] Implement path lookup for USB by vendor:product (Closes:
     #563502) - thanks to Cole Robinson
Checksums-Sha1:
 9203476ad78d12823adde206e9e965e0080224d6 1805 libvirt_0.7.5-4.dsc
 96de86fdef3489f3fe47866b8dde06ceb701db96 22085 libvirt_0.7.5-4.diff.gz
 368e24328fa7da6ad29063194204ad160be006cc 766232 libvirt-doc_0.7.5-4_all.deb
 9ab6ce0850b7c02d4618d74bddbee651001b5990 640110 libvirt-bin_0.7.5-4_i386.deb
 d0e105c5a78924bac0958d7cffaa359ec98a3148 614754 libvirt0_0.7.5-4_i386.deb
 7c89c7103b4e78c3d0edbc126639dd428a95bbb9 2162746 libvirt0-dbg_0.7.5-4_i386.deb
 2a8e6d0d857695c86ba6c5523b910b2651c016da 784642 libvirt-dev_0.7.5-4_i386.deb
 f963e9196bfee8e2c204b24ef9c138ed2d9f374f 222084 python-libvirt_0.7.5-4_i386.deb
Checksums-Sha256:
 c6a0c22fa28b846d31a806002b9ce4d256959c00ba8d3fbaaceb71c601d9f7ba 1805 libvirt_0.7.5-4.dsc
 7d12d9e601a8b0f4b5abab86d6bec0de1d472cdd87050fbae4f3ba444261970c 22085 libvirt_0.7.5-4.diff.gz
 33abf184362fa55a87769dce251fe91092f3fe45de39065aede60d2cb5b8ebaf 766232 libvirt-doc_0.7.5-4_all.deb
 5edef9fabdc595ec464c11cf0e29945467bafccd34d0e50de9186802eb6ef96b 640110 libvirt-bin_0.7.5-4_i386.deb
 6d7bf0dba00486bb2bb4d6b5a1fcc82f77328b39275f59fb574a5e1971e492cb 614754 libvirt0_0.7.5-4_i386.deb
 8be5c692f64f201d8d93913a6342ea1f61c92b2828e22058f467dca023ab48ad 2162746 libvirt0-dbg_0.7.5-4_i386.deb
 b7753864065c6ac7c5a1c4be741ad5a6f371f2b4c6eeda301fa2315db6d00cba 784642 libvirt-dev_0.7.5-4_i386.deb
 61a7a3ff2fe500e4325daf253da7d638787d9381bb5059f05fb4eda015ee3fb7 222084 python-libvirt_0.7.5-4_i386.deb
Files:
 a8cd1f27289ced072a21ad74c412ce3c 1805 libs optional libvirt_0.7.5-4.dsc
 9ae5e60b282c961923d5a42c6ab81dab 22085 libs optional libvirt_0.7.5-4.diff.gz
 2067a9e927996770210f3174a685f273 766232 doc optional libvirt-doc_0.7.5-4_all.deb
 652e2ae630d6463dea22f0997ae84b83 640110 admin optional libvirt-bin_0.7.5-4_i386.deb
 1e538b32c23a98894c7294eaf95cfe1d 614754 libs optional libvirt0_0.7.5-4_i386.deb
 a7b3c55c69a50f867c48288bf8e18353 2162746 debug extra libvirt0-dbg_0.7.5-4_i386.deb
 0004a2b7701e877177593befb1819cef 784642 libdevel optional libvirt-dev_0.7.5-4_i386.deb
 399b3a11feedb7659478c411b68880e7 222084 python optional python-libvirt_0.7.5-4_i386.deb
iD8DBQFLTlGFn88szT8+ZCYRAv0mAJ4imlHLaWFtYmRGKuGJ4xsCpr9m0ACfU3G0
d95kQULTq3TuECi1F0VeAyM=
=M8hH
-----END PGP SIGNATURE-----
#563502#41
Date:
2010-01-16 16:16:42 UTC
From:
To:
Hi,
I'm reopening this bug since it doesn't fix the device permissions for
the auto connect scenario but only for the "connect before domain start"
scenario.
Implementing managed mode in libvirt is in the works (see the referenced
upstream bug) - until then a udev rule is the best woraround.
Cheers,
 -- Guidio
#563502#48
Date:
2010-01-31 15:55:45 UTC
From:
To:
   Hi,
product is not available when I start it (and generally, my USB printer
is poweroff when I start my VM (dhcp server, cups server, ...)).

   In /var/log/libvirt/qemu, I got :
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin HOME=/ /usr/local/bin/qemu-kvm -S -M pc -enable-kvm -m 256 -smp 1 -name kooot -uuid cbdef2ca-7957-4dff-3273-0f18bf5ed6d9 -nographic -monitor unix:/var/lib/libvirt/qemu/kooot.monitor,server,nowait -boot c -drive file=/srv/kvm/kooot/disk-kooot-amd64.raw,if=virtio,index=0,boot=on -net nic,macaddr=06:a4:a9:60:00:00,vlan=0,model=virtio,name=virtio.0 -net tap,fd=39,vlan=0,name=tap.0 -net nic,macaddr=06:a4:a9:60:00:01,vlan=1,model=virtio,name=virtio.1 -net tap,fd=40,vlan=1,name=tap.1 -net nic,macaddr=06:a4:a9:60:00:02,vlan=2,model=virtio,name=virtio.2 -net tap,fd=41,vlan=2,name=tap.2 -serial pty -parallel none -usb -usbdevice host:03f0:5b11
libvir: error : internal error Did not find USB device 3f0:5b11
   I recall you that /usr/local/bin/qemu-kvm is only a wrapper that change
-usbdevice host:03f0:5b11 into -usbdevice host:auto:*.*:03f0:5b11 before
invoking /usr/bin/kvm

   It seems that, with the patch you added, the VM cannot be started at
all if USB products describe in the config file are not here.


   To workaround this problem, I removed any reference to my USB printer
in the XML config file (so libvirt does not know anything about it and
so it do not try to find it when starting the VM) and I modified my
wrapper to add the whole argument "-usbdevice host:auto:*.*:03f0:5b11"
when I start the good WM.

   In my use case, 0.7.5-4 is a regression from 0.7.5-3.

   Regards,
     Vincent

PS: 0.7.5-4 and 0.7.5-5 behave the same way wrt this bug.
#563502#53
Date:
2010-01-31 16:54:57 UTC
From:
To:
Hi Vincent,
On Sun, Jan 31, 2010 at 04:55:45PM +0100, Vincent Danjean wrote:
[..snip..]
Yes. This is the intended behaviour since it makes sure permissions for
registered USB devices are set up correctly. Integrating managed mode
not as a workaround with an external wrapper but into libvirt itself is
on upstreams TODO list (see the referenced upstream bug).
Cheers,
 -- Guido