Accepting request 677536 from home:jfehlig:branches:Virtualization

- qemu: don't use CAP_DAC_OVERRIDE capability if non-root
  620d9dd5-qemu-no-dac-override-nonroot.patch
  boo#1125665

OBS-URL: https://build.opensuse.org/request/show/677536
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=730
This commit is contained in:
James Fehlig 2019-02-20 01:23:34 +00:00 committed by Git OBS Bridge
parent 3558b40b5b
commit 61b77bff2e
3 changed files with 34 additions and 0 deletions

View File

@ -0,0 +1,25 @@
commit 620d9dd598fde388f56ac37bcd3b31168c2f9fc6
Author: Peter Krempa <pkrempa@redhat.com>
Date: Mon Feb 4 16:24:15 2019 +0100
qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root
It will not work. This breaks qemu capabilities probing as a user.
Signed-off-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Erik Skultety <eskultet@redhat.com>
Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c
===================================================================
--- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c
+++ libvirt-5.0.0/src/qemu/qemu_capabilities.c
@@ -4529,7 +4529,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps
#if WITH_CAPNG
/* QEMU might run into permission issues, e.g. /dev/sev (0600), override
* them just for the purpose of probing */
- virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
+ if (geteuid() == 0)
+ virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
#endif
virCommandSetGID(cmd->cmd, cmd->runGid);

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Tue Feb 19 23:36:28 UTC 2019 - James Fehlig <jfehlig@suse.com>
- qemu: don't use CAP_DAC_OVERRIDE capability if non-root
620d9dd5-qemu-no-dac-override-nonroot.patch
boo#1125665
-------------------------------------------------------------------
Fri Feb 8 21:32:29 UTC 2019 - James Fehlig <jfehlig@suse.com>

View File

@ -340,6 +340,7 @@ Patch4: a404ac34-qemu-cgroup-sev.patch
Patch5: 6fd4c8f8-qemu-domain-sev.patch
Patch6: 17f6a257-security-dac-sev.patch
Patch7: a2d3dea9-qemu-caps-dac-override-sev.patch
Patch8: 620d9dd5-qemu-no-dac-override-nonroot.patch
# Patches pending upstream review
Patch100: libxl-dom-reset.patch
Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch
@ -881,6 +882,7 @@ libvirt plugin for NSS for translating domain names into IP addresses.
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch100 -p1
%patch101 -p1
%patch150 -p1