ubuntu-bugcontrol team mailing list archive
-
ubuntu-bugcontrol team
-
Mailing list archive
-
Message #04680
[Merge] ~jslarraz/ubuntu-qa-tools:add-premissions-for-libvirt-qemu-user into ubuntu-qa-tools:master
Jorge Sancho Larraz has proposed merging ~jslarraz/ubuntu-qa-tools:add-premissions-for-libvirt-qemu-user into ubuntu-qa-tools:master.
Commit message:
uvt: grant libvirt-qemu search permissions on required directories
Requested reviews:
Ubuntu Bug Control (ubuntu-bugcontrol)
For more details, see:
https://code.launchpad.net/~jslarraz/ubuntu-qa-tools/+git/ubuntu-qa-tools/+merge/460694
libvirt-qemu user requires search permissions all the way up vm_path and vm_dir_iso_cache. This uses setfacl to ensure that this requirement is met.
I'm just wondering if we also want to pronpt the user for this one
--
Your team Ubuntu Bug Control is requested to review the proposed merge of ~jslarraz/ubuntu-qa-tools:add-premissions-for-libvirt-qemu-user into ubuntu-qa-tools:master.
diff --git a/vm-tools/uvt b/vm-tools/uvt
index 7d655b1..d5ffee1 100755
--- a/vm-tools/uvt
+++ b/vm-tools/uvt
@@ -3531,6 +3531,19 @@ def load_uvt_config():
print("Creating '%s' directory..." % config[d])
os.makedirs(config[d])
+ # Ensure libvirt-qemu user has search permissions all the way up the path
+ # https://github.com/jedi4ever/veewee/issues/996
+ path = config[d]
+ while path != "/":
+ if not os.stat(path).st_mode & 0o001:
+ rc, out = runcmd(["setfacl", "-m", "u:libvirt-qemu:rx", path])
+ if rc != 0:
+ print("Error while granting libvirt-qemu search permissions on "
+ "directory: '%s'. You can do it manully by issuing: " % path)
+ print("setfacl -m u:libvirt-qemu:rx " + path)
+
+ path = os.path.abspath(os.path.join(path, os.pardir))
+
conf_hash = hashlib.sha256((repr(sorted(config.items())).encode())).hexdigest()
return (config, conf_hash)
Follow ups
