Libvirt raises permission denied when QEMU is accessing the VM on an external hard drive

Question

I wanted to use an external hard drive as a libvirt storage pool for my VMs.

I defined a new pool in /media/wenzel/OSWatcher/vms, and imported my vm win10-ts1-1507.qcow2 there.

However, when starting the VM with virsh, I have a permission denied:

virsh # start win10-ts1-1507
error: Failed to start domain win10-ts1-1507
error: Cannot access storage file '/media/wenzel/OSWatcher/vms/win10-ts1-1507.qcow2' (as uid:64055, gid:108): Permission non accordée

virsh #

• uid 64055: libvirt-qemu
• gid 108: kvm

I did a few tests, and it turns out that QEMU isn't able to access the qcow if the current working directory is located outside the of the hard drive's mount path (outside of /media/wenzel/OSWatcher):

https://drive.google.com/file/d/10RFrE_YZ6YpZnB7FWmIwF11SwH-QxNe7/view?usp=sharing

Also, I already allowed libvirt-qemu user to access /media/OSWatcher in the ACLs, and recursively until the vm image (as it was suggested here)

$ sudo getfacl win10-ts1-1507.qcow2
# file: win10-ts1-1507.qcow2
# owner: libvirt-qemu
# group: wenzel
user::rwx
user:libvirt-qemu:rwx
group::rwx
mask::rwx
other::rwx

Therefore I'm lost as to what is the root cause of this permission denied error.

I'm open to suggestion to dig into this issue.

Thanks !

Note: running on Ubuntu 20.04

Answer 1

Check if you are using SELinux:

# getenforce
Enforcing

Then if you do, set the SELinux boolean for USB:

# getsebool -a
...
virt_use_comm --> off
virt_use_execmem --> off
virt_use_fusefs --> off
virt_use_glusterd --> off
virt_use_nfs --> off
virt_use_rawip --> off
virt_use_samba --> off
virt_use_sanlock --> off
virt_use_usb --> off
virt_use_xserver --> off
...

If you do use SELinux, try setting the virt_use_usb boolean to on:

# setsebool -P virt_use_usb 1

That should work.