[libvirt] [PATCH] libvirt.spec.in: soft-static allocation of qemu and kvm groups

Fri Jul 8 17:08:05 UTC 2016

On Thu, 2016-07-07 at 17:41 +0200, Jaroslav Suchanek wrote:
> Follow the same logic for adding qemu user also for kvm and qemu groups. As
> is described in https://fedoraproject.org/wiki/Packaging:UsersAndGroups
> document there should be preallocated UIDs and GIDs for libvirt. A check for
> required group id was added prior groupadd execution.
> 
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1351792
> ---
>  libvirt.spec.in | 16 ++++++++++++++--
>  1 file changed, 14 insertions(+), 2 deletions(-)
> 
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index 2b98836..3dc3193 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -1464,8 +1464,20 @@ fi
>  # We want soft static allocation of well-known ids, as disk images
>  # are commonly shared across NFS mounts by id rather than name; see
>  # https://fedoraproject.org/wiki/Packaging:UsersAndGroups
> -getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
> -getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
> +if ! getent group kvm >/dev/null; then
> +  if ! getent group 36 >/dev/null; then
> +    groupadd -f -g 36 -r kvm
> +  else
> +    groupadd -f -r kvm
> +  fi
> +fi
> +if ! getent group qemu >/dev/null; then
> +  if ! getent group 107 >/dev/null; then
> +    groupadd -f -g 107 -r qemu
> +  else
> +    groupadd -f -r qemu
> +  fi
> +fi
>  if ! getent passwd qemu >/dev/null; then
>    if ! getent passwd 107 >/dev/null; then
>      useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu

There's no need to do that, as groupadd's -f flag already
does what you want in this situation:

  When used with -g, and the specified GID already exists,
  another (unique) GID is chosen

The commit that fixed the allocation issue is

  commit a2584d58f6f7d941b960f996c8e26df8294b79b9
  Author: Eric Blake <eblake at redhat.com>
  Date:   Wed May 1 14:28:43 2013 -0600

      spec: proper soft static allocation of qemu uid

      https://bugzilla.redhat.com/show_bug.cgi?id=924501 tracks a
      problem that occurs if uid 107 is already in use at the time
      libvirt is first installed.  In response that problem, Fedora
      packaging guidelines were recently updated.  This fixes the
      spec file to comply with the new guidelines:
      https://fedoraproject.org/wiki/Packaging:UsersAndGroups

      * libvirt.spec.in (daemon): Follow updated Fedora guidelines.

      Signed-off-by: Eric Blake <eblake at redhat.com>

  v1.0.5-35-ga2584d5

which has been backported to the v0.10.2-maint branch as
well. So downstream just need to pick up that commit :)

NACK

-- 
Andrea Bolognani / Red Hat / Virtualization