RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2066775 - The /tmp/v2v.XXXX directory has incorrect permisison if run v2v by root
Summary: The /tmp/v2v.XXXX directory has incorrect permisison if run v2v by root
Keywords:
Status: CLOSED ERRATA
Alias: None
Deadline: 2022-04-04
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: virt-v2v
Version: 9.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Richard W.M. Jones
QA Contact: Xiaodai Wang
URL:
Whiteboard:
Depends On: 2066773
Blocks: 2068136
TreeView+ depends on / blocked
 
Reported: 2022-03-22 13:14 UTC by Xiaodai Wang
Modified: 2022-05-17 13:44 UTC (History)
11 users (show)

Fixed In Version: virt-v2v-1.45.99-2.el9_0
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2066773
: 2068136 (view as bug list)
Environment:
Last Closed: 2022-05-17 13:42:09 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-116389 0 None None None 2022-03-22 13:20:32 UTC
Red Hat Product Errata RHEA-2022:2566 0 None None None 2022-05-17 13:42:19 UTC

Comment 1 Richard W.M. Jones 2022-03-23 13:32:20 UTC 
Requesting exception for this bug.  It is fixed upstream in
the following commits:

8de0ed72db nbdkit, qemuNBD: run_unix: formally require externally provided socket
4e7f206843 lib: Improve security of in/out sockets when running virt-v2v as root
f44c8d2e81 lib/nbdkit.ml: Correct copy/paste error in comment
88aaf8263a v2v: Move creation of v2v directory until after option parsing
5a60e9a4f6 lib, v2v: Move common code for creating v2v directory to Utils
c208bc97d8 lib: Remove Utils.metaversion
(refer to: https://github.com/libguestfs/virt-v2v/commits/master)

The code fix is not particularly complicated, but it will require careful testing
because it relies on fetching usernames from libvirt metadata and chowning
the directory etc.

If we don't fix this in RHEL 9.0 then there will technically be a security
bug in the case when root does a virt-v2v conversion on a shared machine with
untrusted non-root users.  The users will be able to read and modify data inside
the guests undergoing v2v conversion.  This is a somewhat unlikely scenario, but
possible.  It doesn't affect non-root uses of virt-v2v, and TBH you shouldn't
be running virt-v2v as root, but unfortunately containers do that.

I can do the build as soon as the exception is granted.

RHEL 9.1 bug: https://bugzilla.redhat.com/show_bug.cgi?id=2066773
Does not affect RHEL 8 or AV.
Comment 7 Richard W.M. Jones 2022-03-24 17:29:02 UTC 
https://src.osci.redhat.com/rpms/virt-v2v/pull-request/2
Comment 12 Xiaodai Wang 2022-03-29 03:46:43 UTC 
See the testing in comment 5.

Besides that, the v2v automation jobs were triggered to make sure no regression issues. 

See the jobs:
https://libvirt-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/v2v/view/RHEL-9.0/job/v2v-RHEL-9.0-runtest-x86_64-function-function_test_xen-rhel/11/testReport/rhel/function_test_xen/
https://libvirt-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/v2v/view/RHEL-9.0/job/v2v-RHEL-9.0-runtest-x86_64-function-convert_from_file-rhel/8/testReport/rhel/convert_from_file/
https://libvirt-jenkins.rhev-ci-vms.eng.rdu2.redhat.com/view/v2v/view/RHEL-9.0/job/v2v-RHEL-9.0-runtest-x86_64-function-function_test_esx-rhel/13/testReport/rhel/function_test_esx/

The failure cases were checked and they were known issues which are not related to this bug.

so I think this bug can be moved to VERIFIED.
Comment 14 errata-xmlrpc 2022-05-17 13:42:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: virt-v2v), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2022:2566
Note You need to log in before you can comment on or make changes to this bug.