Hi Serguei,
I thank you for your report, but must admit you lost me at the description.
Trying to understand your setup
1. you are running virsh define in a container but from a host, do you mean like this?
$ lxc exec <containername> -- virsh define <guestname.xml>
2. You are exposing /var/lib/libvirt and /var/run to the host - Don't you usually expose from the Host to the Container? Could you provide the setup you used to do so, like the lxc profile or whatever applies?
3. in your container that runs libvirt, you added UID of root to the group of NOVA?
I guess depending on your answer to #2 a lot of my assumptions might be totally wrong, so please help to clarify those.
4. From the error I think what happens in your case is that the libvirt (wherever it is) can't reach qemu for the capability checks on the define. I think there is no need to run a full define to trigger this, could you also report what the following reports in your case (I'd assume it aborts as well):
$ virsh capabilities
5. And if that fails I don't yet see so much why/where this is about user/group permissions except invoking qemu-system-x86_64, but that is done by libvirt's user. The libvirt config might help to understand. Could you attach the config files that are reported (on your container?) when running:
$ sudo dpkg --verify libvirt-bin