Bug 1418930
Summary: | [ESXi][RHEL8]RFE: Please increase granularity of open-vm-tools packaging | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Vladimir Dulava <vdulava> |
Component: | open-vm-tools | Assignee: | Cathy Avery <cavery> |
Status: | CLOSED DEFERRED | QA Contact: | Bo Yang <boyang> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | 8.0 | CC: | ailan, boyang, cavery, jen, jjarvis, jsavanyo, knoel, ldu, leiwang, mkalinin, momran, pasik, ravindrakumar, ribarry, vmware-gos-qa, yacao, ybhasin |
Target Milestone: | rc | Keywords: | FutureFeature, TestOnly |
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-10-03 20:35:14 UTC | Type: | Feature Request |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1420851 |
Description
Vladimir Dulava
2017-02-03 07:51:26 UTC
(In reply to Vladimir Dulava from comment #0) > To reduce impact of possible client -> hypervisor interaction we reduce (in > RHEL6) the list of available VM functionality to just: > > vmware-tools-guestlib > vmware-tools-core-9.10.5-1.el6.x86_64 > vmware-tools-foundation-9.10.5-1.el6.x86_64 > vmware-tools-libraries-nox-9.10.5-1.el6.x86_64 > vmware-tools-plugins-guestInfo-9.10.5-1.el6.x86_64 > vmware-tools-plugins-powerOps-9.10.5-1.el6.x86_64 > vmware-tools-plugins-timeSync-9.10.5-1.el6.x86_64 > vmware-tools-pvscsi-common-9.10.5-5.el6.x86_64 > vmware-tools-services-9.10.5-1.el6.x86_64 > vmware-tools-vmmemctl-common-9.10.5-5.el6.x86_64 > vmware-tools-vmxnet3-common-9.10.5-5.el6.x86_64 > > and exclude: > > vmware-tools-plugins-autoUpgrad > vmware-tools-plugins-deployPkg > vmware-tools-plugins-grabbitmqProxy > vmware-tools-plugins-hgfsServer > vmware-tools-plugins-vix > vmware-tools-plugins-vmbackup > > To do the same with open-vm-tools we need to remove/put to a subpackage the > following parts of open-vm-tools: > > /usr/lib64/libDeployPkg.so.0 > /usr/lib64/libDeployPkg.so.0.0.0 > /usr/lib64/open-vm-tools/plugins/vmsvc/libdeployPkgPlugin.so > /usr/lib64/open-vm-tools/plugins/vmsvc/libgrabbitmqProxy.so > /usr/bin/vmhgfs-fuse > /usr/bin/vmware-hgfsclient > /usr/lib64/libhgfs.so.0 > /usr/lib64/libhgfs.so.0.0.0 > /usr/lib64/open-vm-tools/plugins/common/libhgfsServer.so > /usr/lib64/open-vm-tools/plugins/common/libvix.so > /usr/lib64/open-vm-tools/plugins/vmsvc/libvmbackup.so > > Is it possible to move these bits to a subpackage so that there is a sane > way to remove these utilities and libraries? If the reasons for doing this is related to security then this is not the right way to do it. The customer should follow https://www.vmware.com/security/hardening-guides.html instead. > Expected results: > Bigger granularity of open-vm-tools packaging We want less packages to simplify package management. Filed internal VMware bug 1808026 to track this RFE. Another request for granularity: Split out of the vmhgfs functionality. It depends on fuse which is avoided in high security environments like banks and useless in enterprise environments using ESX/ESXi as vmhgfs is only supported in the VMware Workstation and Fusion products. John, would you mind to add this request to your internal bug 1808026? Please contact me out of band in case you need a business justification. Hi Beat, Thanks for additional information. I updated our internal RFE with additional information. -John Implementing more granularity would also help solve Bug 1358108 -John I'm assigning this bug to myself. Ravindra please continue to work this issue. (In reply to Ravindra Kumar from comment #2) > (In reply to Vladimir Dulava from comment #0) > > To reduce impact of possible client -> hypervisor interaction we reduce (in > > RHEL6) the list of available VM functionality to just: > > > > vmware-tools-guestlib > > vmware-tools-core-9.10.5-1.el6.x86_64 > > vmware-tools-foundation-9.10.5-1.el6.x86_64 > > vmware-tools-libraries-nox-9.10.5-1.el6.x86_64 > > vmware-tools-plugins-guestInfo-9.10.5-1.el6.x86_64 > > vmware-tools-plugins-powerOps-9.10.5-1.el6.x86_64 > > vmware-tools-plugins-timeSync-9.10.5-1.el6.x86_64 > > vmware-tools-pvscsi-common-9.10.5-5.el6.x86_64 > > vmware-tools-services-9.10.5-1.el6.x86_64 > > vmware-tools-vmmemctl-common-9.10.5-5.el6.x86_64 > > vmware-tools-vmxnet3-common-9.10.5-5.el6.x86_64 > > > > and exclude: > > > > vmware-tools-plugins-autoUpgrad > > vmware-tools-plugins-deployPkg > > vmware-tools-plugins-grabbitmqProxy > > vmware-tools-plugins-hgfsServer > > vmware-tools-plugins-vix > > vmware-tools-plugins-vmbackup > > > > To do the same with open-vm-tools we need to remove/put to a subpackage the > > following parts of open-vm-tools: > > > > /usr/lib64/libDeployPkg.so.0 > > /usr/lib64/libDeployPkg.so.0.0.0 > > /usr/lib64/open-vm-tools/plugins/vmsvc/libdeployPkgPlugin.so > > /usr/lib64/open-vm-tools/plugins/vmsvc/libgrabbitmqProxy.so > > /usr/bin/vmhgfs-fuse > > /usr/bin/vmware-hgfsclient > > /usr/lib64/libhgfs.so.0 > > /usr/lib64/libhgfs.so.0.0.0 > > /usr/lib64/open-vm-tools/plugins/common/libhgfsServer.so > > /usr/lib64/open-vm-tools/plugins/common/libvix.so > > /usr/lib64/open-vm-tools/plugins/vmsvc/libvmbackup.so > > > > Is it possible to move these bits to a subpackage so that there is a sane > > way to remove these utilities and libraries? > > If the reasons for doing this is related to security then this is not the > right way to do it. The customer should follow > https://www.vmware.com/security/hardening-guides.html instead. Hi Ravindra can you please give more specific recommendation on how to achieve what the customers are asking for? How can the customer avoid installing vmhgfs-fuse or what security adjustment need to be made otherwise? > > > Expected results: > > Bigger granularity of open-vm-tools packaging > > We want less packages to simplify package management. From discussion this morning - There is concern that if we attempt to change the package structure that this would result in customer disruption and regressions. If we change package structure we think it is better to do this with RHEL 9.0. We'll work with VMware and look at restructuring the packaging in RHEL 9.0. |