Using IVSHMEM with libvirt virt-manager

Problem description

Using ivshmem in qemu requires the following steps.

  1. Start the ivshmem server on the host with ./ivshmem_server, which will create a unix domain socket /tmp/ivshmem_socket
  2. Start qemu with the following command line options: -chardev socket,path=/tmp/ivshmem_socket,id=ivshmem_socket -device ivshmem,chardev=ivshmem_socket,size=1m

Now if we do lspci in guest, the ivshmem pci device is shown in it.

How can I do the same in virt-manager? Specifically, I want to do 2 things.

  • Pass the above command line options to qemu when virt-manager starts it
  • libvirt virt-manager uses apparmor to isolate guests; how to make sure that access to /tmp/ivshmem_socket is not denied to the VM?

Recommended answer

Passing command line options

Passing command line option to qemu from virt-manager requires the following steps.

  • virsh edit <name of vm>, or directly modify the file using vim /etc/libvirt/qemu/<name of virtual machine>.xml
  • change <domain type='kvm'> to <domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  • add tags for command line parameters
<qemu:commandline>
    <qemu:arg value='-chardev'/>
    <qemu:arg value='socket,path=/tmp/ivshmem_socket,id=ivshmem_socket'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='ivshmem,chardev=ivshmem_socket,size=1m'/>
</qemu:commandline>

After doing this, qemu will try to access /tmp/ivshmem_socket, and because of apparmor (libvirt was using apparmor in my case, it may as well use SELinux), the access will be denied, and an error similar to the following will be shown.

error starting domain: internal error: process exited while connecting to monitor:
  ...
virt-manager Failed to connect socket: Permission denied

AppArmor

To fix this error, the following two steps are required.

1. Make qemu run as root (This step is optional, and may not be required for you, continue to second step)

  • vim /etc/libvirt/qemu.conf
  • change the lines user = and group = to the following

Restart PC or libvirt daemon.

2. AppArmor

  • find the uuid of guest from its xml configuration file (use virsh edit and look for tag)
  • cd /etc/apparmor.d/libvirt
  • check if libvirt-<uuid> file is present, replace <uuid> with uuid of vm
  • Change AppArmor mode to complain, instead of enforcing, which will allow all actions of the VM, and log those which should have been blocked.

sudo aa-complain libvirt-<uuid>   # replace <uuid> with uuid of vm
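
Complain mode logs what enforce mode would have blocked, so those log lines can be reduced to the few file rules the guest actually needs before the profile goes back to enforcing. The following is an added example, not part of the original answer; the sample log lines and UUIDs are constructed placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample audit lines (UUIDs are placeholders), in the key="value"
# format AppArmor writes to the kernel log / audit log.
SAMPLE_LOG = '''\
audit: type=1400 audit(1404125280.101:71): apparmor="ALLOWED" operation="connect" profile="libvirt-11111111-2222-3333-4444-555555555555" name="/tmp/ivshmem_socket" pid=4021 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
audit: type=1400 audit(1404125280.140:72): apparmor="ALLOWED" operation="open" profile="libvirt-11111111-2222-3333-4444-555555555555" name="/tmp/ivshmem_socket" pid=4021 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1404125291.007:73): apparmor="DENIED" operation="open" profile="libvirt-aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee" name="/tmp/ivshmem_socket" pid=4388 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1404125300.512:74): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-11111111-2222-3333-4444-555555555555" pid=4400 comm="apparmor_parser"
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
WRITE_LIKE = set("wacd")  # write, append, create, delete all need 'w' in a rule


def parse_line(line):
    """Split one audit line into its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def complain_hits(log_text, uuid):
    """Return {path: set of mask letters} logged as ALLOWED for libvirt-<uuid>."""
    profile = "libvirt-" + uuid
    hits = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("apparmor") == "ALLOWED" and f.get("profile") == profile:
            if "name" in f and "denied_mask" in f:
                hits[f["name"]].update(f["denied_mask"])
    return dict(hits)


def candidate_rules(hits):
    """Turn the hits into file rules; anything beyond read/write is flagged."""
    rules = []
    for path in sorted(hits):
        mask = hits[path]
        perms = ("r" if "r" in mask else "") + ("w" if mask & WRITE_LIKE else "")
        extra = "".join(sorted(mask - WRITE_LIKE - {"r"}))
        note = f"  # review manually: also logged '{extra}'" if extra else ""
        rules.append(f"{path} {perms},{note}")
    return rules


if __name__ == "__main__":
    uuid = "11111111-2222-3333-4444-555555555555"  # placeholder UUID
    print("\n".join(candidate_rules(complain_hits(SAMPLE_LOG, uuid))))
```

The printed lines are candidates to review before adding them to the guest's profile; once they are in place the profile can be returned to enforce mode with aa-enforce.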

06-30 10:48