From 7352e5b8cb32a53902ff4710f311eadeaeefc1d0f5511d3a1e22388f63352416 Mon Sep 17 00:00:00 2001
From: Vasily Ulyanov
Date: Wed, 11 May 2022 04:35:19 +0000
Subject: [PATCH] Accepting request 976175 from home:vulyanov:branches:Virtualization:tpm - Setup permissions and capabilities for non-root VMIs
OBS-URL: https://build.opensuse.org/request/show/976175
OBS-URL: https://build.opensuse.org/package/show/Virtualization/virt-launcher-container?expand=0&rev=25
---
 Dockerfile | 6 ++++++
 virt-launcher-container.changes | 5 +++++
 2 files changed, 11 insertions(+)
diff --git a/Dockerfile b/Dockerfile
index 6bcb1dd..50bc31c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -76,4 +76,10 @@ COPY augconf /augconf
 RUN augtool -f /augconf
 RUN cd /var && rm -rf run && ln -s ../run .
+# Setup permissions and capabilities for non-root VMIs. KubeVirt sets
+# XDG_* directories to /var/run.
+RUN setcap 'cap_net_bind_service,cap_sys_ptrace=+ep' /usr/bin/virt-launcher && \
+ chmod 0755 /etc/libvirt && \
+ chown qemu:qemu /var/run
+
 ENTRYPOINT [ "/usr/bin/virt-launcher" ]
diff --git a/virt-launcher-container.changes b/virt-launcher-container.changes
index a25a4c2..614e13b 100644
--- a/virt-launcher-container.changes
+++ b/virt-launcher-container.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Apr 27 16:30:17 UTC 2022 - Vasily Ulyanov
+
+- Setup permissions and capabilities for non-root VMIs
+
 -------------------------------------------------------------------
 Fri Apr 15 10:50:30 UTC 2022 - Vasily Ulyanov
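Review bot: The added `setcap` line in the Dockerfile hunk grants `cap_sys_ptrace` as a permitted and effective file capability on /usr/bin/virt-launcher, but the comment above it does not say why a non-root launcher needs it. Of the two capabilities it is the one that widens what the process may do to other processes in the container, so the reason belongs next to it. Because the effective bit is set, exec of the binary fails with EPERM wherever the container's bounding set lacks either capability, so a comment such as `# Pod must keep NET_BIND_SERVICE and SYS_PTRACE in its capability set or virt-launcher will not exec` would make that coupling visible. With default `chown` behaviour, `chown qemu:qemu /var/run` follows the symlink created by the preceding `RUN` and changes the owner of `/run` itself; writing `chown qemu:qemu /run` would state that directly.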