Bug 1023867

Summary: output config path is not right when using unprivileged user to create generic container
Product: Red Hat Enterprise Linux 7
Reporter: Wayne Sun <gsun>
Component: libvirt-sandbox
Assignee: Daniel Berrangé <berrange>
Status: CLOSED CURRENTRELEASE
QA Contact: Virtualization Bugs <virt-bugs>
Severity: medium
Priority: medium
Version: 7.0
CC: ajia, dyuan, lsu, weizhan, zpeng
Target Milestone: rc
Hardware: x86_64
OS: Linux
Fixed In Version: libvirt-sandbox-0.5.0-7.el7
Doc Type: Bug Fix
Last Closed: 2014-06-13 11:32:53 UTC
Type: Bug

Description Wayne Sun 2013-10-28 07:24:17 UTC
Description of problem:
The config path output by save_config is not right as created

Version-Release number of selected component (if applicable):
$ rpm -q libvirt libvirt-sandbox
libvirt-1.1.1-10.el7.x86_64
libvirt-sandbox-0.5.0-5.el7.x86_64


How reproducible:
always

Steps to Reproduce:
1. enable local user wayne for libvirt management permissions
add compatible polkit pkla file:
# cat /etc/polkit-1/localauthority/50-local.d/test.pkla
[Allow fred libvirt management permissions]
Identity=unix-user:wayne
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

2. create a generic container
# su - wayne
$ virt-sandbox-service create --network source=default,address=192.168.122.101/24,route=192.168.122.255/24%192.168.122.1 -p /home/wayne/test --username wayne -G 1000 userbox3 -- /bin/bash -v
Created sandbox container dir /home/wayne/test/userbox3
Created sandbox config /etc/libvirt-sandbox/services/userbox3/config/sandbox.cfg

3. check sandbox.cfg
$ cat /etc/libvirt-sandbox/services/userbox3/config/sandbox.cfg
cat: /etc/libvirt-sandbox/services/userbox3/config/sandbox.cfg: No such file or directory

The right config path should be:
$ cat /home/wayne/.config/libvirt-sandbox/services/userbox3/config/sandbox.cfg 

The mount point in the container XML is right, so the container can be started. Only the config path is mismatched between the virt-sandbox-service output and the actual path.

Actual results:
output not right

Expected results:
output the right path

Additional info:

Comment 2 Daniel Berrangé 2013-11-27 17:22:54 UTC
This is invalid usage. The tools must be run as root.

Upstream we now explicitly block this

commit 09987232e72cc88b1eb5c67c875ead3f5f9bd272
Author: Daniel P. Berrange <berrange>
Date:   Wed Nov 27 17:21:27 2013 +0000

    Prevent use of virt-sandbox-service as non-root
    
    The lxc:/// driver is only supported when running as root,
    since we need elevated privileges to create various files.
    Explicitly prevent it running as uid == 0.
    
    Signed-off-by: Daniel P. Berrange <berrange>

Comment 4 Luwen Su 2013-12-04 07:14:45 UTC
Verified with libvirt-sandbox-0.5.0-7.el7.x86_64

1. enable local user wayne for libvirt management permissions
add compatible polkit pkla file:
# cat /etc/polkit-1/localauthority/50-local.d/test.pkla
[Allow fred libvirt management permissions]
Identity=unix-user:timesu
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes
ResultActive=yes

2. create a generic container
# su - timesu
$ virt-sandbox-service create --network source=default,address=192.168.122.101/24,route=192.168.122.255/24%192.168.122.1 -p /home/timesu --username timesu -G 1000 userbox3 -- /bin/bash -v
/usr/bin/virt-sandbox-service: lxc:/// URIs are only supported when run as root
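
Added example (not part of the bug report and not libvirt-sandbox's own code): a sketch of the two points in this thread, an effective-uid guard for lxc:/// that runs before any file is created, and a single path function used both for writing and for the "Created sandbox config" message so the two cannot diverge. The function names and the per-uid directory selection are assumptions; the two paths and the error text are taken from the transcripts above.

```python
import os
from urllib.parse import urlparse

# Paths as they appear in the report: the one printed, and the one actually used.
SYSTEM_CONFIG_ROOT = "/etc/libvirt-sandbox/services"
USER_CONFIG_SUBDIR = ".config/libvirt-sandbox/services"


class NotRootError(RuntimeError):
    """Raised when an lxc:/// operation is attempted without euid 0."""


def require_root_for_uri(uri, euid):
    # A polkit grant for org.libvirt.unix.manage only authorizes the
    # connection to libvirtd; the tool still creates files itself, so the
    # check is on the effective uid, not on the polkit result.
    if urlparse(uri).scheme == "lxc" and euid != 0:
        raise NotRootError("lxc:/// URIs are only supported when run as root")


def config_path(name, euid, home):
    # Assumed layout: system directory for root, per-user directory otherwise.
    if euid == 0:
        root = SYSTEM_CONFIG_ROOT
    else:
        root = os.path.join(home, USER_CONFIG_SUBDIR)
    return os.path.join(root, name, "config", "sandbox.cfg")


def create(name, uri, euid, home, write=lambda path: None):
    # Guard first, then write and report the same computed path.
    require_root_for_uri(uri, euid)
    path = config_path(name, euid, home)
    write(path)  # hypothetical writer callback; a no-op in this sketch
    return "Created sandbox config " + path


if __name__ == "__main__":
    print(create("userbox3", "lxc:///", 0, "/root"))
    try:
        create("userbox3", "lxc:///", 1000, "/home/wayne")
    except NotRootError as exc:
        print("refused:", exc)
```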

Comment 6 Ludek Smid 2014-06-13 11:32:53 UTC
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.