Bug 1005009
| Summary: | File spice-client-glib-usb-acl-helper has no suid root privilege | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | tingting zheng <tzheng> | ||||
| Component: | spice-gtk | Assignee: | Christophe Fergeau <cfergeau> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Desktop QE <desktop-qa-list> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | 7.0 | CC: | acathrow, cfergeau, codong, dyuan, gren, lcui, mkrcmari, mzhan, tzheng, zsong | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | Unspecified | ||||||
| OS: | Unspecified | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | spice-gtk-0.20-6.el7 | Doc Type: | Bug Fix | ||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2014-06-13 12:07:06 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
http://download.devel.redhat.com/brewroot/packages/spice-gtk/0.20/2.el7/data/logs/x86_64/build.log has: chown root /builddir/build/BUILDROOT/spice-gtk-0.20-2.el7.x86_64/usr/libexec/spice-gtk-x86_64//spice-client-glib-usb-acl-helper chown: changing ownership of '/builddir/build/BUILDROOT/spice-gtk-0.20-2.el7.x86_64/usr/libexec/spice-gtk-x86_64//spice-client-glib-usb-acl-helper': Operation not permitted chmod u+s /builddir/build/BUILDROOT/spice-gtk-0.20-2.el7.x86_64/usr/libexec/spice-gtk-x86_64//spice-client-glib-usb-acl-helper Iirc spice-client-glib-usb-acl-helper needs to be added to some magic list in order to be suid-able, and iirc Hans did what was needed for that to happen. Maybe just a rebuild is needed? Ah I guess we need http://pkgs.fedoraproject.org/cgit/spice-gtk.git/commit/?id=549771495ae0f264042487c5dff01028368178e2 as well Should be fixed by a new spice-gtk build. This request was resolved in Red Hat Enterprise Linux 7.0. Contact your manager or support representative in case you have further questions about the request. |
Created attachment 794559 [details] Debug info from virt-manager Description File spice-client-glib-usb-acl-helper has no suid root privilege Version: libvirt-1.1.1-3.el7.x86_64 virt-manager-0.10.0-3.el7.noarch spice-glib-0.20-2.el7.x86_64 spice-gtk-0.20-2.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. Use non-root user login system. 2. Launch virt-manager,input password for authentication. 3. Configure a guest to try usb auto redirection. 4. Error shows: spice-client-glib-usb-helper: Error setting facl: Operation not permitted 5. Check the mode of file spice-client-glib-usb-helper # ll /usr/libexec/spice-gtk-x86_64/spice-client-glib-usb-acl-helper -rwxr-xr-x. 1 root root 15448 Jul 12 01:03 /usr/libexec/spice-gtk-x86_64/spice-client-glib-usb-acl-helper 6. add suid root privilege to the file,usb can be redirected successfully. Actual results: As description. Expected results: File spice-client-glib-usb-acl-helper has suid root privilege Additional info: Attached virt-manager debug info.