[libvirt] Release candidate 2 of 1.0.3 is available
Christophe Fergeau
cfergeau at redhat.com
Sat Mar 2 14:30:38 UTC 2013
Hey,
On Wed, Feb 27, 2013 at 07:20:56PM +0800, Daniel Veillard wrote:
> I have just tagged git and pushed the tarball. The rpms for F17
> are at the usual place too:
> ftp://libvirt.org/libvirt/
>
> I gave a try to the set of rpms and this seems to work fine for
> relatively simple tests.
> Please give it more testing and let's keep change to git to
> bug fixes to minimize risks for 1.0.3.
> If everything goes well I will push 1.0.3 on Friday,
I've found a pretty bad issue with rc2/git head and Boxes, creating new
boxes fails with
2013-03-02 14:04:22.028+0000: 15681: error :
qemuDomainCheckDiskPresence:1837 : cannot access file
'/home/teuf/isos/msdn/win7/fr_windows_7_home_premium_n_with_sp1_x64_dvd_u_676833.iso':
Opération non permise
Looking more into it, this seems to be caused by
commit f506a4c115c44003455cb956861836a46425f97b
Date: Thu Jan 31 13:18:45 2013 -0500
util: make virSetUIDGID a NOP only when uid or gid is -1
qemuDomainCheckDiskPresence calls virFileAccessibleAs with (user, group)
being (0, 0) as Boxes is using qemu:///session (these are set to 0 by
virQEMUDriverConfigNew in the session case).
virFileAccessibleAs calls virSetUIDGID(0, 0) which used to be a noop before
the commit above, but is now trying to call setreuid/setregid, which fails.
I tried reverting this patch, but then probing qemu binaries during
libvirtd startup fails so not a good workaround :)
The patch below works for me, but it needs careful review as this is code I
don't know at all and I've only lightly tested it. This issue is a 1.0.3
blocker as far as Boxes is concerned.
Thanks,
Christophe
From 6474eb9dc04dcaa29450116ddfb76aefdaffd4f6 Mon Sep 17 00:00:00 2001
From: Christophe Fergeau <cfergeau at redhat.com>
Date: Sat, 2 Mar 2013 15:19:47 +0100
Subject: [PATCH] qemu: Use -1 as unpriviledged uid/gid
Commit f506a4c1 changed virSetUIDGID() to be a noop
when uid/gid are -1, while it used to be a noop when
they are <= 0.
The changes in this commit broke creating new VMs in GNOME Boxes
as qemuDomainCheckDiskPresence gets called during domain creation/startup,
which in turn calls virFileAccessibleAs which fails after calling
virSetUIDGID(0, 0) (Boxes uses session libvirtd).
This commit changes virQEMUDriverConfigNew to use -1 as the unpriviledged
uid/gid, and adjusts one code path that expected 0 in this case. I've also
looked at the various places where cfg->user is used, and they all
seem to handle -1 correctly.
---
src/qemu/qemu_conf.c | 4 ++--
src/qemu/qemu_domain.c | 4 ++--
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index f3b09cf..3ef3499 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -129,8 +129,8 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
if (virGetGroupID(QEMU_GROUP, &cfg->group) < 0)
goto error;
} else {
- cfg->user = 0;
- cfg->group = 0;
+ cfg->user = (uid_t)-1;
+ cfg->group = (gid_t)-1;
}
cfg->dynamicOwnership = privileged;
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 0e56596..1ecc8fa 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -1301,8 +1301,8 @@ void qemuDomainObjCheckTaint(virQEMUDriverPtr driver,
if (cfg->privileged &&
(!cfg->clearEmulatorCapabilities ||
- cfg->user == 0 ||
- cfg->group == 0))
+ cfg->user == (uid_t)-1 ||
+ cfg->group == (gid_t)-1))
qemuDomainObjTaint(driver, obj, VIR_DOMAIN_TAINT_HIGH_PRIVILEGES, logFD);
if (obj->def->namespaceData) {
--
1.8.1.2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20130302/80e0fa40/attachment-0001.sig>
More information about the libvir-list
mailing list