[Libguestfs] [PATCH] Fix error launching libguestfs when euid != uid
Matthew Booth
mbooth at redhat.com
Thu Sep 30 14:36:43 UTC 2010
On 20/09/10 14:54, Matthew Booth wrote:
> On 20/09/10 14:43, Richard W.M. Jones wrote:
>> Improved patch. This copies your code to set real UID and GID
>> before the exec.
>>
>> Rich.
>>
>> -- Richard Jones, Virtualization Group, Red Hat
>> http://people.redhat.com/~rjones virt-top is 'top' for virtual machines.
>> Tiny program with many powerful monitoring features, net stats, disk
>> stats, logging, etc. http://et.redhat.com/~rjones/virt-top
>>
>>
>> 0001-Fix-error-launching-libguestfs-when-euid-uid.patch
>>
>>
>> From d00e2fb8c2e26e0a48954472b52bd0be877e9ce6 Mon Sep 17 00:00:00 2001
>> From: Richard W.M. Jones<rjones at redhat.com>
>> Date: Mon, 20 Sep 2010 14:02:06 +0100
>> Subject: [PATCH] Fix error launching libguestfs when euid != uid.
>>
>> When writing to a RHEV target, virt-v2v launches the libguestfs
>> appliance with euid:egid = 36:36, which is required to write to
>> an NFS target using root_squash.
>>
>> Since we changed to using a cached appliance, this causes an error on
>> start up, as the cached files are owned by root, but the cache directory
>> is owned by 36:36. The reason is that bash resets euid to uid and
>> egid to gid so when febootstrap-supermin-helper is executed, it runs as
>> root:root. The cache directory was created by libguestfs directly so
>> it has the correct ownership.
>>
>> This patch fixes the issue by using explicit fork/exec instead of
>> system (ie. not going via a shell) and by setting the real UID and
>> GID to the effective UID and GID before execing.
>> ---
>> src/appliance.c | 133
>> ++++++++++++++++++++++++++++++++++++++++++++----------
>> 1 files changed, 108 insertions(+), 25 deletions(-)
>
> ACK. This now works for me.
It turns out I spoke too soon on this. The wrapping round the call to
febootstrap-supermin-helper to generate the checksum *is* required.
Without it, febootstrap-supermin-helper has the wrong euid, and
therefore generates the wrong checksum. For virt-v2v, this means that
the following sequence fails:
* Run virt-v2v as root, outputting to RHEV
This calls guestfs_launch() with euid == 36
checksum is generated for *root*, because of missing wrapping
/tmp/<root's checksum> is created owned by 36:36
* Run virt-v2v as root, outputting locally
This calls guestfs_launch() with euid == 0
checksum is correctly generated for root, same as above
validation fails, because cache dir is owned by 36:36
I'll post a rebased patch.
Matt
--
Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team
GPG ID: D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490
More information about the Libguestfs
mailing list