Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 838980 Details for
Bug 1043249
Libguestfs fails to create appliance (through 'libvirt' backend): cannot open disk image from /tmp
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
0001-launch-libvirt-Run-qemu-as-root-when-libguestfs-runs.patch
0001-launch-libvirt-Run-qemu-as-root-when-libguestfs-runs.patch (text/plain), 3.62 KB, created by
Richard W.M. Jones
on 2013-12-19 13:20:53 UTC
(
hide
)
Description:
0001-launch-libvirt-Run-qemu-as-root-when-libguestfs-runs.patch
Filename:
MIME Type:
Creator:
Richard W.M. Jones
Created:
2013-12-19 13:20:53 UTC
Size:
3.62 KB
patch
obsolete
>From cc8c783f456218f01d26f26ff7c764594665b681 Mon Sep 17 00:00:00 2001 >From: "Richard W.M. Jones" <rjones@redhat.com> >Date: Thu, 19 Dec 2013 12:54:33 +0000 >Subject: [PATCH] launch: libvirt: Run qemu as root when libguestfs runs as > root (RHBZ#1043249). > >See: >https://bugzilla.redhat.com/show_bug.cgi?id=1043249#c6 >--- > src/launch-libvirt.c | 67 ++++++++++++++++------------------------------------ > 1 file changed, 20 insertions(+), 47 deletions(-) > >diff --git a/src/launch-libvirt.c b/src/launch-libvirt.c >index 36e3df0..5a68413 100644 >--- a/src/launch-libvirt.c >+++ b/src/launch-libvirt.c >@@ -333,53 +333,6 @@ launch_libvirt (guestfs_h *g, void *datav, const char *libvirt_uri) > > clear_socket_create_context (g); > >- /* libvirt, if running as root, will run the qemu process as >- * qemu.qemu, which means it won't be able to access the socket. >- * There are roughly three things that get in the way: >- * >- * (1) Permissions of the socket. >- * >- * (2) Permissions of the parent directory(-ies). Remember this if >- * $TMPDIR is located in your home directory. >- * >- * (3) SELinux/sVirt will prevent access. libvirt ought to label >- * the socket. >- * >- * Note that the 'current_proc_is_root' flag here just means that we >- * are root. It's also possible for non-root user to try to use the >- * system libvirtd by specifying a qemu:///system URI (RHBZ#913774) >- * but there's no sane way to test for that. >- */ >- if (params.current_proc_is_root) { >- /* Current process is root, so try to create sockets that are >- * owned by root.qemu with mode 0660 and hence accessible to qemu. >- */ >- struct group *grp; >- >- if (chmod (params.guestfsd_path, 0660) == -1) { >- perrorf (g, "chmod: %s", params.guestfsd_path); >- goto cleanup; >- } >- >- if (chmod (params.console_path, 0660) == -1) { >- perrorf (g, "chmod: %s", params.console_path); >- goto cleanup; >- } >- >- grp = getgrnam ("qemu"); >- if (grp != NULL) { >- if (chown (params.guestfsd_path, 0, grp->gr_gid) == -1) { >- perrorf (g, "chown: %s", params.guestfsd_path); >- goto cleanup; >- } >- if (chown (params.console_path, 0, grp->gr_gid) == -1) { >- perrorf (g, "chown: %s", params.console_path); >- goto cleanup; >- } >- } else >- debug (g, "cannot find group 'qemu'"); >- } >- > /* Construct the libvirt XML. */ > if (g->verbose) > guestfs___print_timestamped_message (g, "create libvirt XML"); >@@ -968,6 +921,26 @@ construct_libvirt_xml_seclabel (guestfs_h *g, > XMLERROR (-1, xmlTextWriterEndElement (xo)); > XMLERROR (-1, xmlTextWriterEndElement (xo)); > } >+ else if (params->current_proc_is_root) { >+ /* Otherwise, if running as root, tell libvirt not to run qemu as >+ * qemu.qemu, since it causes endless permissions problems. >+ * https://bugzilla.redhat.com/show_bug.cgi?id=1043249 >+ */ >+ XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "seclabel")); >+ XMLERROR (-1, >+ xmlTextWriterWriteAttribute (xo, BAD_CAST "type", >+ BAD_CAST "static")); >+ XMLERROR (-1, >+ xmlTextWriterWriteAttribute (xo, BAD_CAST "model", >+ BAD_CAST "dac")); >+ XMLERROR (-1, >+ xmlTextWriterWriteAttribute (xo, BAD_CAST "relabel", >+ BAD_CAST "no")); >+ XMLERROR (-1, xmlTextWriterStartElement (xo, BAD_CAST "label")); >+ XMLERROR (-1, xmlTextWriterWriteString (xo, BAD_CAST "root:root")); >+ XMLERROR (-1, xmlTextWriterEndElement (xo)); >+ XMLERROR (-1, xmlTextWriterEndElement (xo)); >+ } > > return 0; > } >-- >1.8.3.1 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=838980">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 1043249
:
837215
| 838980