Bug 734455 - Remove the os.geteuid() check from oz-install
Status: CLOSED UPSTREAM
Product: Fedora
Classification: Fedora
Component: oz
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Assignee: Chris Lalancette
QA Contact: Fedora Extras Quality Assurance
Reported: 2011-08-30 12:48 UTC by Chris Lalancette
Modified: 2012-08-20 13:02 UTC

Doc Type: Bug Fix
Last Closed: 2012-08-20 13:02:15 UTC


Description Chris Lalancette 2011-08-30 12:48:00 UTC
Description of problem:
rjones asked why oz-install needed root.  I responded that it:
a)  Needs to connect to qemu:///system, and
b)  Does some iptables manipulation

rjones pointed out that it is possible to configure PolicyKit to allow a normal user to connect to qemu:///system.  That eliminates the first problem.

The second problem has to do with the iptables manipulation.  After install, the guest contacts the host via TCP to report the IP address.  In order for this to work, the host needs to be running a server (which Oz does), and that port needs to be open for communication (which Oz also does).  It's that last bit that requires the iptables manipulation.  rjones and danpb suggested two alternate solutions that could remove the iptables manipulation:

1)  Use the qemu-agent to report the IP address.  This isn't quite ready, and will only work for very new Qemu.
2)  Write the IP address to a local file in the guest, and then use libguestfs in read-only mode to read that file.  This seems very doable.

Comment 1 Chris Lalancette 2011-09-07 13:20:32 UTC
(In reply to comment #0)
> Description of problem:
> rjones asked why oz-install needed root.  I responded that it:
> a)  Needs to connect to qemu:///system, and
> b)  Does some iptables manipulation
> 
> rjones pointed out that it is possible to configure PolicyKit to allow a normal
> user to connect to qemu:///system.  That eliminates the first problem.
> 
> The second problem has to do with the iptables manipulation.  After install,
> the guest contacts the host via TCP to report the IP address.  In order for
> this to work, the host needs to be running a server (which Oz does), and that
> port needs to be open for communication (which Oz also does).  It's that last
> bit that requires the iptables manipulation.  rjones and danpb suggested two
> alternate solutions that could remove the iptables manipulation:
> 
> 1)  Use the qemu-agent to report the IP address.  This isn't quite ready, and
> will only work for very new Qemu.
> 2)  Write the IP address to a local file in the guest, and then use libguestfs
> in read-only mode to read that file.  This seems very doable.

So I ended up having problems with 2) because libguestfs wouldn't see new files that appeared in the underlying "live" filesystem.  I probably could have gotten around that by re-launching libguestfs every time I looped, but that seemed heavyweight.

I instead went with a different solution where I use a serial port to do the IP address announcement.  The libvirt XML is modified before launch to have a <serial> element that starts a network server in qemu.  Writes to the serial port from the guest get exposed via the network server, and clients can connect to get that data.  So Oz launches the guest with the network server, then connects to the network server and waits for the guest to output the IP address over the serial line.  Once that happens, the rest of Oz proceeds as before.  This removes the need for any iptables manipulation, and is the first step to making this run as non-root.

There is still the problem of Oz trying to read and write from system locations like /var/lib/oz and /etc/oz/oz.cfg.  That should be solvable by detecting whether we are root or not, and then modifying the paths accordingly, but it is not prepared at the moment to do this.
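
The serial-port announcement described in comment 1, as an added sketch that is not part of the original comment and is not Oz's own code: one function adds a `<serial type='tcp'>` device bound to loopback to a libvirt domain XML, the other connects to that listener and waits for a line that parses as an IP address. The function names, port 2445, the one-address-per-line announcement format and the stand-in server with its sample bytes are assumptions constructed for the example.

```python
import ipaddress
import socket
import threading
import xml.etree.ElementTree as ET

def add_tcp_serial(domain_xml, port, host="127.0.0.1"):
    """Return domain XML with a serial device that qemu serves on host:port."""
    root = ET.fromstring(domain_xml)
    devices = root.find("devices")
    if devices is None:
        devices = ET.SubElement(root, "devices")
    serial = ET.SubElement(devices, "serial", {"type": "tcp"})
    # mode='bind' makes qemu the listener; binding to loopback keeps the
    # port off the network, so no firewall rule has to be opened.
    ET.SubElement(serial, "source",
                  {"mode": "bind", "host": host, "service": str(port)})
    ET.SubElement(serial, "protocol", {"type": "raw"})
    ET.SubElement(serial, "target", {"port": "1"})
    return ET.tostring(root, encoding="unicode")

def wait_for_guest_ip(host, port, timeout=300.0, max_line=256):
    """Read serial output until one whole line parses as an IP address."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        buf = b""
        while len(buf) <= max_line:      # guest output is untrusted: cap it
            chunk = sock.recv(256)       # raises socket.timeout if guest is silent
            if not chunk:
                break
            *lines, buf = (buf + chunk).split(b"\n")
            for line in lines:
                try:
                    return str(ipaddress.ip_address(line.decode("ascii").strip()))
                except ValueError:       # boot noise, not an address
                    continue
    raise RuntimeError("guest did not announce an IP address")

def fake_serial_server(payload):
    """Constructed stand-in for qemu's serial listener; returns its port."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            conn.sendall(payload)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    print(add_tcp_serial("<domain type='kvm'><devices/></domain>", 2445))
    port = fake_serial_server(b"Booting kernel\r\n192.168.122.45\r\n")
    print(wait_for_guest_ip("127.0.0.1", port, timeout=5))
```

Parsing each line with `ipaddress` means anything else the guest writes to the serial line is discarded rather than passed on to later steps.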

Comment 2 Richard W.M. Jones 2011-09-07 13:48:22 UTC
(In reply to comment #1)
> (In reply to comment #0)
> > 2)  Write the IP address to a local file in the guest, and then use libguestfs
> > in read-only mode to read that file.  This seems very doable.
> 
> So I ended up having problems with 2) because libguestfs wouldn't see new files
> that appeared in the underlying "live" filesystem.  I probably could have
> gotten around that by re-launching libguestfs every time I looped, but that
> seemed heavyweight.

Another way to do it would be to write it to some known
part of the disk, e.g. in an unused bit of the boot sector.

Or yet another way is to try calling drop-caches:

http://libguestfs.org/guestfs.3.html#guestfs_drop_caches

(Whether this works, or is even a good idea, is another matter ...)

In any case, looks like the serial port is working for you.

Comment 3 Chris Lalancette 2012-08-20 13:02:15 UTC
As of Oz 0.9.0, this should work if PackageKit is configured properly.  I'm closing this as UPSTREAM; let me know if it doesn't work for you.
