On Thu, 2016-07-07 at 17:41 +0200, Jaroslav Suchanek wrote: > Follow the same logic for adding qemu user also for kvm and qemu groups. As > is described in https://fedoraproject.org/wiki/Packaging:UsersAndGroups > document there should be preallocated UIDs and GIDs for libvirt. A check for > required group id was added prior groupadd execution. > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1351792 > --- > libvirt.spec.in | 16 ++++++++++++++-- > 1 file changed, 14 insertions(+), 2 deletions(-) > > diff --git a/libvirt.spec.in b/libvirt.spec.in > index 2b98836..3dc3193 100644 > --- a/libvirt.spec.in > +++ b/libvirt.spec.in > @@ -1464,8 +1464,20 @@ fi > # We want soft static allocation of well-known ids, as disk images > # are commonly shared across NFS mounts by id rather than name; see > # https://fedoraproject.org/wiki/Packaging:UsersAndGroups > -getent group kvm >/dev/null || groupadd -f -g 36 -r kvm > -getent group qemu >/dev/null || groupadd -f -g 107 -r qemu > +if ! getent group kvm >/dev/null; then > + if ! getent group 36 >/dev/null; then > + groupadd -f -g 36 -r kvm > + else > + groupadd -f -r kvm > + fi > +fi > +if ! getent group qemu >/dev/null; then > + if ! getent group 107 >/dev/null; then > + groupadd -f -g 107 -r qemu > + else > + groupadd -f -r qemu > + fi > +fi > if ! getent passwd qemu >/dev/null; then > if ! getent passwd 107 >/dev/null; then > useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu There's no need to do that, as groupadd's -f flag already does what you want in this situation: When used with -g, and the specified GID already exists, another (unique) GID is chosen The commit that fixed the allocation issue is commit a2584d58f6f7d941b960f996c8e26df8294b79b9 Author: Eric Blake <eblake@xxxxxxxxxx> Date: Wed May 1 14:28:43 2013 -0600 spec: proper soft static allocation of qemu uid https://bugzilla.redhat.com/show_bug.cgi?id=924501 tracks a problem that occurs if uid 107 is already in use at the time libvirt is first installed. In response that problem, Fedora packaging guidelines were recently updated. This fixes the spec file to comply with the new guidelines: https://fedoraproject.org/wiki/Packaging:UsersAndGroups * libvirt.spec.in (daemon): Follow updated Fedora guidelines. Signed-off-by: Eric Blake <eblake@xxxxxxxxxx> v1.0.5-35-ga2584d5 which has been backported to the v0.10.2-maint branch as well. So downstream just need to pick up that commit :) NACK -- Andrea Bolognani / Red Hat / Virtualization -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list