Public bug reported:

focal/ussuri has an updated pkgos-gen-systemd-unit (openstack-pkg-tools) which sets the UMask to 0027, preventing other users from any access to files created by the service. In this case, the nova-compute service creates instance files at run-time that libvirt needs access to.

ussuri: drwxr-x--- 2 nova nova /var/lib/nova/instances/1726e122-2d91-44c1-939b-dd4638df06ed
train:  drwxr-xr-x 2 nova nova /var/lib/nova/instances/da355106-e7f0-4d23-8b4c-91defbfdd696

It seems like the best solution is to use the default UMask of 0022 for the nova-compute systemd unit file. Note that nova-common.postinst already sets /var/log/nova permissions to 0750, preventing other users from reading logs, which was the original intent of having pkgos-gen-systemd-unit set UMask to 0027.

** Affects: nova (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1864922

Title:
  ussuri libvirt missing access to /var/lib/nova/instances/
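
The mode difference in the two listings above can be reproduced in a scratch directory, and existing instance directories can be checked for it. This is an added example, not part of the bug report or the nova packaging; the function names are hypothetical and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example: shows how the service umask decides the mode of newly
# created directories, and lists directories that "other" cannot enter.

# mode_under_umask UMASK -> prints the octal mode of a directory
# created with that umask in effect (subshell body keeps the umask local).
mode_under_umask() (
    tmp="$(mktemp -d)" || exit 1
    umask "$1" && mkdir "$tmp/instance" && stat -c '%a' "$tmp/instance"
    rc=$?
    rm -rf "$tmp"
    exit "$rc"
)

# other_can_traverse MODE -> succeeds only if the "other" permission bits
# of the octal MODE include both read (4) and execute (1).
other_can_traverse() {
    [ $(( 0$1 & 5 )) -eq 5 ]
}

# list_untraversable DIR -> prints each subdirectory of DIR that users
# outside the owner and group cannot read and enter.
list_untraversable() (
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        other_can_traverse "$(stat -c '%a' "$d")" || printf '%s\n' "${d%/}"
    done
)

# Constructed demonstration of the two values discussed in the report.
for mask in 0027 0022; do
    mode="$(mode_under_umask "$mask")"
    if other_can_traverse "$mode"; then
        echo "UMask=$mask -> mode $mode: other users can enter"
    else
        echo "UMask=$mask -> mode $mode: other users are locked out"
    fi
done
```

On an affected host, `list_untraversable /var/lib/nova/instances` prints the instance directories created while the 0027 umask was in effect.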