Bug 734455

Summary: Remove the os.geteuid() check from oz-install
Product: [Fedora] Fedora
Reporter: Chris Lalancette <clalance>
Component: oz
Assignee: Chris Lalancette <clalance>
Status: CLOSED UPSTREAM
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: rawhide
CC: clalance, clalancette, Jan.van.Eldik, kchamart, p, rjones, sdake
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2012-08-20 13:02:15 UTC

Description Chris Lalancette 2011-08-30 12:48:00 UTC
Description of problem:
rjones asked why oz-install needed root.  I responded that it:
a)  Needs to connect to qemu:///system, and
b)  Does some iptables manipulation

rjones pointed out that it is possible to configure PolicyKit to allow a normal user to connect to qemu:///system.  That eliminates the first problem.

The second problem has to do with the iptables manipulation.  After install, the guest contacts the host via TCP to report the IP address.  In order for this to work, the host needs to be running a server (which Oz does), and that port needs to be open for communication (which Oz also does).  It's that last bit that requires the iptables manipulation.  rjones and danpb suggested two alternate solutions that could remove the iptables manipulation:

1)  Use the qemu-agent to report the IP address.  This isn't quite ready, and will only work for very new Qemu.
2)  Write the IP address to a local file in the guest, and then use libguestfs in read-only mode to read that file.  This seems very doable.

Comment 1 Chris Lalancette 2011-09-07 13:20:32 UTC
(In reply to comment #0)
> Description of problem:
> rjones asked why oz-install needed root.  I responded that it:
> a)  Needs to connect to qemu:///system, and
> b)  Does some iptables manipulation
> 
> rjones pointed out that it is possible to configure PolicyKit to allow a normal
> user to connect to qemu:///system.  That eliminates the first problem.
> 
> The second problem has to do with the iptables manipulation.  After install,
> the guest contacts the host via TCP to report the IP address.  In order for
> this to work, the host needs to be running a server (which Oz does), and that
> port needs to be open for communication (which Oz also does).  It's that last
> bit that requires the iptables manipulation.  rjones and danpb suggested two
> alternate solutions that could remove the iptables manipulation:
> 
> 1)  Use the qemu-agent to report the IP address.  This isn't quite ready, and
> will only work for very new Qemu.
> 2)  Write the IP address to a local file in the guest, and then use libguestfs
> in read-only mode to read that file.  This seems very doable.

So I ended up having problems with 2) because libguestfs wouldn't see new files that appeared in the underlying "live" filesystem.  I probably could have gotten around that by re-launching libguestfs every time I looped, but that seemed heavyweight.

I instead went with a different solution where I use a serial port to do the IP address announcement.  The libvirt XML is modified before launch to have a <serial> element that starts a network server in qemu.  Writes to the serial port from the guest get exposed via the network server, and clients can connect to get that data.  So Oz launches the guest with the network server, then connects to the network server and waits for the guest to output the IP address over the serial line.  Once that happens, the rest of Oz proceeds as before.  This removes the need for any iptables manipulation, and is the first step to making this run as non-root.

There is still the problem of Oz trying to read and write from system locations like /var/lib/oz and /etc/oz/oz.cfg.  That should be solvable by detecting whether we are root or not, and then modifying the paths accordingly, but it is not prepared at the moment to do this.
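
The serial-port announcement described in comment 1, shown as an added example (not Oz's code and not part of the original comment): the libvirt domain XML gets a TCP-backed `<serial>` device bound to loopback, and the host side connects and waits for the address. The `!<ip>!` framing and the function names are assumptions of this example; the guest's output is treated as untrusted and only accepted if it parses as an IP address.

```python
import ipaddress
import re
import socket
import time
import xml.etree.ElementTree as ET

# Assumed framing for this example: the guest writes "!<ip>!" to its serial port.
ANNOUNCE_RE = re.compile(rb"!([0-9A-Fa-f:.]{2,45})(?=!)")
MAX_BUFFER = 4096  # guest output is untrusted; bound what is kept in memory


def add_serial_announce(domain_xml: str, port: int) -> str:
    """Add a TCP-backed serial device, bound to loopback, to a libvirt domain."""
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    if devices is None:
        devices = ET.SubElement(root, "devices")
    serial = ET.SubElement(devices, "serial", {"type": "tcp"})
    # mode='bind' makes qemu the listening side; 127.0.0.1 keeps the port
    # off the network, so no firewall rule has to be opened on the host.
    ET.SubElement(serial, "source",
                  {"mode": "bind", "host": "127.0.0.1", "service": str(port)})
    ET.SubElement(serial, "protocol", {"type": "raw"})
    ET.SubElement(serial, "target", {"port": "1"})
    return ET.tostring(root, encoding="unicode")


def wait_for_guest_ip(host: str, port: int, timeout: float = 300.0) -> str:
    """Connect to the serial TCP server; return the first valid announced IP."""
    deadline = time.monotonic() + timeout
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        while time.monotonic() < deadline:
            sock.settimeout(max(deadline - time.monotonic(), 0.01))
            try:
                chunk = sock.recv(1024)
            except socket.timeout:
                break
            if not chunk:
                raise ConnectionError("serial channel closed before announcement")
            buf = (buf + chunk)[-MAX_BUFFER:]
            for match in ANNOUNCE_RE.finditer(buf):
                try:
                    return str(ipaddress.ip_address(match.group(1).decode("ascii")))
                except ValueError:
                    continue  # framed, but not an IP address: ignore it
    raise TimeoutError("guest did not announce an IP address in time")
```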

Comment 2 Richard W.M. Jones 2011-09-07 13:48:22 UTC
(In reply to comment #1)
> (In reply to comment #0)
> > 2)  Write the IP address to a local file in the guest, and then use libguestfs
> > in read-only mode to read that file.  This seems very doable.
> 
> So I ended up having problems with 2) because libguestfs wouldn't see new files
> that appeared in the underlying "live" filesystem.  I probably could have
> gotten around that by re-launching libguestfs every time I looped, but that
> seemed heavyweight.

Another way to do it would be to write it to some known
part of the disk, eg. in an unused bit of the boot sector.

Or yet another way is to try calling drop-caches:

http://libguestfs.org/guestfs.3.html#guestfs_drop_caches

(Whether this works, or is even a good idea, is another matter ...)

In any case, looks like the serial port is working for you.

Comment 3 Chris Lalancette 2012-08-20 13:02:15 UTC
As of Oz 0.9.0, this should work if PackageKit is configured properly.  I'm closing this as UPSTREAM; let me know if it doesn't work for you.