Bug 649511

Summary: bogus permissions on /var/lib/libvirt in libvirt spec file
Product: [Fedora] Fedora Reporter: Eric Blake <eblake>
Component: libvirtAssignee: Eric Blake <eblake>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: berrange, clalance, crobinso, itamar, jforbes, laine, veillard, virt-maint
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 649523 (view as bug list) Environment:
Last Closed: 2011-04-18 23:53:49 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 684798    

Description Eric Blake 2010-11-03 16:36:22 EDT
Description of problem:
After using preupgrade to convert from F13 to F14, I could no longer start any VMs.  I tracked the problem to bad permissions on /var/lib/libvirt.

Version-Release number of selected component (if applicable):
libvirt-0.8.3-2.fc14.x86_64


How reproducible:
Haven't tried reproducing, but if you need me to, I could set up an F13 VM and re-run preupgrade to see if it repeats.


Steps to Reproduce:
1. preupgrade from f13 -> f14
2. virsh start vm-name
3. ls -ld /var/lib/libvirt
4. chmod 755 /var/lib/libvirt
5. virsh start vm-name 
  
Actual results:
1. upgrade appears to work fine
2. # virsh start fedora_12
error: Failed to start domain fedora_12
error: internal error Process exited while reading console log output: bind(unix:/var/lib/libvirt/qemu/fedora_12.monitor): Permission denied
chardev: opening backend "socket" failed
3. # ll -d /var/lib/libvirt/{,qemu}
drwx------. 9 root root 4096 Aug 23 15:32 /var/lib/libvirt/
drwx------. 4 qemu qemu 4096 Aug 23 15:32 /var/lib/libvirt/qemu
4. success
5. can start vm again


Expected results:
upgrading should not corrupt directory permissions

Additional info:
/var/lib/libvirt should be 0755, not 0700.  It might be a bug in the libvirt-0.8.3-2.fc14.x86_64 spec file that sets inappropriate permissions, and the preupgrade process favored the spec file permissions rather than the permissions that were previously in place in F13.
Comment 1 Eric Blake 2010-11-03 17:09:32 EDT
Hmm - I see this in upstream libvirt.spec.in, as well as in the libvirt.spec included in libvirt-0.8.3-2.fc14.srpm:

%dir %{_localstatedir}/lib/libvirt/

%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt

So it's definitely a spec-file bug, and traces back to commit 66823690e (v0.8.2~203).
Comment 2 Eric Blake 2010-11-03 17:26:51 EDT
Upstream patch posted:
https://www.redhat.com/archives/libvir-list/2010-November/msg00238.html
Comment 3 Laine Stump 2011-04-18 23:53:49 EDT
libvirt-0.8.3-9.fc14 and libvirt-0.8.2-6.fc13, both containing the fix for this problem, have been pushed to the stable repository, thus resolving this problem in all supported versions of Fedora.