Accepting request 677536 from home:jfehlig:branches:Virtualization
- qemu: don't use CAP_DAC_OVERRIDE capability if non-root 620d9dd5-qemu-no-dac-override-nonroot.patch boo#1125665 OBS-URL: https://build.opensuse.org/request/show/677536 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=730
This commit is contained in:
parent
3558b40b5b
commit
61b77bff2e
25
620d9dd5-qemu-no-dac-override-nonroot.patch
Normal file
25
620d9dd5-qemu-no-dac-override-nonroot.patch
Normal file
@ -0,0 +1,25 @@
|
||||
commit 620d9dd598fde388f56ac37bcd3b31168c2f9fc6
|
||||
Author: Peter Krempa <pkrempa@redhat.com>
|
||||
Date: Mon Feb 4 16:24:15 2019 +0100
|
||||
|
||||
qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root
|
||||
|
||||
It will not work. This breaks qemu capabilities probing as a user.
|
||||
|
||||
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
|
||||
Reviewed-by: Erik Skultety <eskultet@redhat.com>
|
||||
|
||||
Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c
|
||||
===================================================================
|
||||
--- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c
|
||||
+++ libvirt-5.0.0/src/qemu/qemu_capabilities.c
|
||||
@@ -4529,7 +4529,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps
|
||||
#if WITH_CAPNG
|
||||
/* QEMU might run into permission issues, e.g. /dev/sev (0600), override
|
||||
* them just for the purpose of probing */
|
||||
- virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
|
||||
+ if (geteuid() == 0)
|
||||
+ virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
|
||||
#endif
|
||||
|
||||
virCommandSetGID(cmd->cmd, cmd->runGid);
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Tue Feb 19 23:36:28 UTC 2019 - James Fehlig <jfehlig@suse.com>
|
||||
|
||||
- qemu: don't use CAP_DAC_OVERRIDE capability if non-root
|
||||
620d9dd5-qemu-no-dac-override-nonroot.patch
|
||||
boo#1125665
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Feb 8 21:32:29 UTC 2019 - James Fehlig <jfehlig@suse.com>
|
||||
|
||||
|
@ -340,6 +340,7 @@ Patch4: a404ac34-qemu-cgroup-sev.patch
|
||||
Patch5: 6fd4c8f8-qemu-domain-sev.patch
|
||||
Patch6: 17f6a257-security-dac-sev.patch
|
||||
Patch7: a2d3dea9-qemu-caps-dac-override-sev.patch
|
||||
Patch8: 620d9dd5-qemu-no-dac-override-nonroot.patch
|
||||
# Patches pending upstream review
|
||||
Patch100: libxl-dom-reset.patch
|
||||
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
|
||||
@ -881,6 +882,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
|
||||
%patch5 -p1
|
||||
%patch6 -p1
|
||||
%patch7 -p1
|
||||
%patch8 -p1
|
||||
%patch100 -p1
|
||||
%patch101 -p1
|
||||
%patch150 -p1
|
||||
|
Loading…
Reference in New Issue
Block a user