Libvirt init section doesn't work: Permission denied

[Vanuan]

It looks like something wrong with metadata disk creation when using libvirt with init section.

# infrakit.yml
Tags:
  custom.tag1 : kvm
  custom.tag2 : single-instance

Init: |
  #!/bin/bash
  sudo apt-get update -y
  sudo apt-get install wget curl
  wget -qO- https://get.docker.com | sh

Properties:
  MetadataStoragePool: default
  Domain:
  Domain:
    Type: kvm
    Memory:
      Unit: GiB
      Value: 1
    VCPU:
      Value: 1
    OS:
      Type:
        Arch: x86_64
        Machine: pc-i440fx-2.8
        Type: hvm
      Initrd: /home/john/image/linuxkit-initrd.img
      Kernel: /home/john/image/linuxkit-kernel
      KernelArgs: console=ttyS0
      BIOS:
        UseSerial: 'yes'
        RebootTimeout: '1000'
      Boot:
        Dev: hd
    Devices:
      Interfaces:
      - Type: bridge
        Source:
          Bridge: virbr0
        Model:
          Type: virtio
      Serials:
      - Type: pty
      Consoles:
      - Type: pty
        Target:
          Type: serial
          Name: "0"
      Channels:
      - Type: unix
        Target:
          Type: virtio
          Name: org.qemu.guest_agent.0
    OnCrash: destroy
    OnPoweroff: destroy
    OnReboot: restart

$ infrakit local libvirt/default provision -y infra.yml

Creating Domain: virError(Code=1, Domain=10,
Message='internal error: process exited while connecting to monitor: 2018-10-14T01:55:55.456495Z qemu-system-x86_64:
-drive file=/var/lib/libvirt/images/infrakit-e21543c9-metadata,format=raw,if=none,id=drive-sata0-0-2,media=cdrom,readonly=on:
Could not open '/var/lib/libvirt/images/infrakit-e21543c9-metadata': Permission denied')

Couldn't figure out what's going on. It looks like metadata disk is copied with root permissions, but qemu is running under a different user?