Re: [PATCH] qemu: pass "-1" as uid/gid for unprivileged qemu

Doug Goldstein <cardoe@xxxxxxxxxx> · Mon, 18 Feb 2013 12:09:32 -0600

On Sun, Feb 17, 2013 at 7:12 PM, Doug Goldstein <cardoe@xxxxxxxxxx> wrote:
> On Sun, Feb 17, 2013 at 11:33 AM, Guido Günther <agx@xxxxxxxxxxx> wrote:
>> so we don't try to change uid/git to 0 when probing capabilities.
>> ---
>>
>> On Fri, Feb 15, 2013 at 11:20:17PM -0600, Doug Goldstein wrote:
>>> The following error bisect's down to this commit when running out of
>>> my local checkout for testing.
>>>
>>> 2013-02-16 05:16:55.102+0000: 29992: error : virCommandWait:2270 :
>>> internal error Child process (LC_ALL=C
>>> LD_LIBRARY_PATH=/home/cardoe/work/libvirt/src/.libs
>>> PATH=/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/games/bin
>>> HOME=/home/cardoe USER=cardoe LOGNAME=cardoe /usr/bin/qemu-kvm -help)
>>> unexpected exit status 1: libvir:  error : internal error cannot apply
>>> process capabilities -1
>>
>> This is due to:
>>
>> debug : virExec:641 : Setting child uid:gid to 0:0 with caps 0
>>
>> We're trying to change capabilities even on qemu:///session. This
>> unbreaks the libvirt-tck jenkins test suite as well.
>>
>>  src/qemu/qemu_driver.c |    8 ++++++--
>>  1 file changed, 6 insertions(+), 2 deletions(-)
>>
>> diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
>> index 23499ef..dc35b91 100644
>> --- a/src/qemu/qemu_driver.c
>> +++ b/src/qemu/qemu_driver.c
>> @@ -556,6 +556,8 @@ qemuStartup(bool privileged,
>>      char *membase = NULL;
>>      char *mempath = NULL;
>>      virQEMUDriverConfigPtr cfg;
>> +    uid_t run_uid = -1;
>> +    gid_t run_gid = -1;
>>
>>      if (VIR_ALLOC(qemu_driver) < 0)
>>          return -1;
>> @@ -707,11 +709,13 @@ qemuStartup(bool privileged,
>>                                   cfg->snapshotDir, cfg->user, cfg->group);
>>              goto error;
>>          }
>> +        run_uid = cfg->user;
>> +        run_gid = cfg->group;
>>      }
>>
>>      qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir,
>> -                                                     cfg->user,
>> -                                                     cfg->group);
>> +                                                     run_uid,
>> +                                                     run_gid);
>>      if (!qemu_driver->qemuCapsCache)
>>          goto error;
>>
>> --
>> 1.7.10.4
>
> ACK. Resolves the issue for me and the change looks good.
>
> --
> Doug Goldstein

Thanks. Pushed.

-- 
Doug Goldstein

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list