Bug 649511 - bogus permissions on /var/lib/libvirt in libvirt spec file
bogus permissions on /var/lib/libvirt in libvirt spec file
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: libvirt (Show other bugs)
14
Unspecified Unspecified
low Severity medium
: ---
: ---
Assigned To: Eric Blake
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 684798
  Show dependency treegraph
 
Reported: 2010-11-03 16:36 EDT by Eric Blake
Modified: 2011-04-18 23:53 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 649523 (view as bug list)
Environment:
Last Closed: 2011-04-18 23:53:49 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eric Blake 2010-11-03 16:36:22 EDT
Description of problem:
After using preupgrade to convert from F13 to F14, I could no longer start any VMs.  I tracked the problem to bad permissions on /var/lib/libvirt.

Version-Release number of selected component (if applicable):
libvirt-0.8.3-2.fc14.x86_64


How reproducible:
Haven't tried reproducing, but if you need me to, I could set up an F13 VM and re-run preupgrade to see if it repeats.


Steps to Reproduce:
1. preupgrade from f13 -> f14
2. virsh start vm-name
3. ls -ld /var/lib/libvirt
4. chmod 755 /var/lib/libvirt
5. virsh start vm-name 
  
Actual results:
1. upgrade appears to work fine
2. # virsh start fedora_12
error: Failed to start domain fedora_12
error: internal error Process exited while reading console log output: bind(unix:/var/lib/libvirt/qemu/fedora_12.monitor): Permission denied
chardev: opening backend "socket" failed
3. # ll -d /var/lib/libvirt/{,qemu}
drwx------. 9 root root 4096 Aug 23 15:32 /var/lib/libvirt/
drwx------. 4 qemu qemu 4096 Aug 23 15:32 /var/lib/libvirt/qemu
4. success
5. can start vm again


Expected results:
upgrading should not corrupt directory permissions

Additional info:
/var/lib/libvirt should be 0755, not 0700.  It might be a bug in the libvirt-0.8.3-2.fc14.x86_64 spec file that sets inappropriate permissions, and the preupgrade process favored the spec file permissions rather than the permissions that were previously in place in F13.
Comment 1 Eric Blake 2010-11-03 17:09:32 EDT
Hmm - I see this in upstream libvirt.spec.in, as well as in the libvirt.spec included in libvirt-0.8.3-2.fc14.srpm:

%dir %{_localstatedir}/lib/libvirt/

%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt

So it's definitely a spec-file bug, and traces back to commit 66823690e (v0.8.2~203).
Comment 2 Eric Blake 2010-11-03 17:26:51 EDT
Upstream patch posted:
https://www.redhat.com/archives/libvir-list/2010-November/msg00238.html
Comment 3 Laine Stump 2011-04-18 23:53:49 EDT
libvirt-0.8.3-9.fc14 and libvirt-0.8.2-6.fc13, both containing the fix for this problem, have been pushed to the stable repository, thus resolving this problem in all supported versions of Fedora.

Note You need to log in before you can comment on or make changes to this bug.