[Ovirt-devel] root access required?

Perry N. Myers pmyers at redhat.com
Mon Sep 8 16:03:21 UTC 2008 

Ben Guthro wrote:
> Hello,
> 
> In my endeavor to set up a build environment for our developers 
> experimenting with oVirt / libvirt, I have come across a general dislike 
> that the build of the ovirt managed node requires the user to be root.
> 
> In looking into this we have found 2 areas that I am unable to work out 
> a solution for:
> 
> 1. livecd-tools must mount a filesystem image, requiring:
>     (a) losetup /dev/loopX fs-image
>         Where the user must have write access to /dev/loopX (which by
>         default is writable only by root, readable by group 'disk'). 
> Could be
>         worked around by changing /dev/loopX permissions (once, as root).
>     (b) mount /dev/loopX /mnt/point
>         Also requires root. Can be worked around with /etc/fstab entry
>         allowing user mount.
> 
> 2. 'rpm --root ...' is used to build the image.
>     --root must chroot to the specified directory to run the various RPM 
> scripts.
>     chroot can't run under 'fakeroot' (AFAIK).
>     I don't know how to avoid or workaround this.
> 
> So -
> Does anyone here have any suggestions/recommended practices on how to go 
> about working around these so that root access is not required?
> 
> Or - are we stuck with "that's just the way it is" for building the 
> managed node image?

The dependency on needing root is inherited from livecd-tools.  So for us 
to remove root as a requirement for building this needs to be changed 
upstream.  I'd start by posting questions/requests to the livecd mailing 
lists and see if the developers there can easily fix this.

Once root is not longer required for livecd-tools, we will be able to 
build everything in ovirt as non-root.

We've been working on some refactoring of the ovirt repositories to help 
reduce the requirement to build as root.  But it is still required 
specifically for building the oVirt Appliance and the oVirt Node.  The 
remainder of the items can be built as non-root.  Look for an email with 
details on this from me shortly.

Perry

More information about the ovirt-devel mailing list