Tools used by the Ubuntu QA Team

Merge ~jslarraz/ubuntu-qa-tools:add-premissions-for-libvirt-qemu-user into ubuntu-qa-tools:master

Proposed by Jorge Sancho Larraz on 2024-02-16

Status:	Merged
Merged at revision:	7e07fe17bcdc1809a4daed7e97e4a83131035aa6
Proposed branch:	~jslarraz/ubuntu-qa-tools:add-premissions-for-libvirt-qemu-user
Merge into:	ubuntu-qa-tools:master
Diff against target:	37 lines (+26/-0) 1 file modified vm-tools/uvt (+26/-0)
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Marc Deslauriers		2024-02-16	Approve on 2024-02-19
Review via email: mp+460694@code.launchpad.net

Commit message

uvt: grant libvirt-qemu search permissions on required directories

Description of the change

libvirt-qemu user requires search permissions all the way up vm_path and vm_dir_iso_cache. This uses setfacl to ensure that this requirement is met.

I'm just wondering if we also want to pronpt the user for this one

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2024-02-16:

Yeah, I think prompting the user is best here too, especially since these directories could be anywhere depending on what the user selected, and the use of extended acls isn't immediately obvious.

Revision history for this message

Jorge Sancho Larraz (jslarraz) wrote on 2024-02-19:

Updated to ask user before granting required permissions in commit https://git.launchpad.net/~jslarraz/ubuntu-qa-tools/commit/?id=8cb5322e58ab28d45452153052dbe81fe54a3851

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2024-02-19:

LGTM, thanks!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Christina A Reitbauer

Jorge Sancho Larraz

Steve Beattie

Ubuntu Bug Control

 diff --git a/vm-tools/uvt b/vm-tools/uvt
 index 0095643..69538d4 100755
 --- a/vm-tools/uvt
 +++ b/vm-tools/uvt
@@ -3554,6 +3554,32 @@ def load_uvt_config():
              print("Creating '%s' directory..." % config[d])
              os.makedirs(config[d])
++        # Ensure libvirt-qemu user has search permissions all the way up the path
++        # https://github.com/jedi4ever/veewee/issues/996
++        path = config[d]
++        while path != "/":
++            rc, out = runcmd(["getfacl", "-e", path])
++            if (not os.stat(path).st_mode & 0o001) and (re.search("user:libvirt-qemu:..x", out) is None):
++
++                print("Missing permissions found while creating '%s' directory. libvirt-qemu user "
++                      "requires search permission all the way up the path, but it seems to be"
++                      "missing on directory '%s'" % (d, path))
++                print("If you wish to change the location where '%s' is "
++                      "stored, you can launch 'uvt config', which will create "
++                      "a default config file in ~/%s that you can customize. " % (d, config_file))
++                print("")
++                if not confirm("Would you like to grant libvirt-qemu search permissions on '%s'?" % path):
++                    print("Aborting.")
++                    sys.exit(1)
++
++                rc, out = runcmd(["setfacl", "-m", "u:libvirt-qemu:rx", path])
++                if rc != 0:
++                    print("Error while granting libvirt-qemu search permissions on "
++                          "directory: '%s'. You can do it manully by issuing: " % path)
++                    print("setfacl -m u:libvirt-qemu:rx " + path)
++
++            path = os.path.abspath(os.path.join(path, os.pardir))
++
      conf_hash = hashlib.sha256((repr(sorted(config.items())).encode())).hexdigest()
      return (config, conf_hash)