On Mon, Feb 05, 2024 at 03:10:41PM +0100, Peter Krempa wrote: > On Fri, Feb 02, 2024 at 18:59:44 -0000, tim@xxxxxxxx wrote: > > Install a systemd sysusers config file for the qemu & kvm user/groups. > > > > We can not use the sysusers_create_compat macro in the RPM specfile to > > create those users as we want to keep the specfile standalone and not > > relying on additionnal files. > > > > Update the specfile to make the commands closer to what is generated by > > the current macro. > > > > See: https://src.fedoraproject.org/rpms/libvirt/pull-request/22 > > See: https://gitlab.com/libvirt/libvirt/-/merge_requests/319 > > See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ > > > > Based on previous work by: Peter Krempa <pkrempa@xxxxxxxxxx> > > Signed-off-by: Timothée Ravier <tim@xxxxxxxx> > > --- > > libvirt.spec.in | 21 +++++++++++++-------- > > src/qemu/libvirt-qemu.sysusers.conf | 4 ++++ > > src/qemu/meson.build | 7 +++++++ > > 3 files changed, 24 insertions(+), 8 deletions(-) > > create mode 100644 src/qemu/libvirt-qemu.sysusers.conf > > Reviewed-by: Peter Krempa <pkrempa@xxxxxxxxxx> Unfortunately I failed to notice this before it had already made it into a release... > > +++ b/src/qemu/libvirt-qemu.sysusers.conf > > @@ -0,0 +1,4 @@ > > +g kvm 36 > > +g qemu 107 > > +u qemu 107:qemu "qemu user" - - > > +m qemu kvm These values are fine for Fedora/RHEL, but not elsewhere. For example, Debian would need something like g libvirt-qemu 64055 u libvirt-qemu 64055:libvirt-qemu instead. If you look at meson.build, you will see that we detect a number of operating systems/distributions in order to integrate as smoothly as possible with them. This can potentially break that, or at the very least make things quite confusing by virtue of more than one "QEMU user" existing on the system. Additionally, it completely fails to account for the qemu_user and qemu_group meson options, which have been around forever and can take arbitrary values. At the very least, installing this file needs to be gated behind a meson option that is off by default. A more complete solution that integrates properly with the existing facilities will require further work. -- Andrea Bolognani / Red Hat / Virtualization _______________________________________________ Devel mailing list -- devel@xxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxx
