Accepting request 976175 from home:vulyanov:branches:Virtualization:tpm

- Setup permissions and capabilities for non-root VMIs OBS-URL: https://build.opensuse.org/request/show/976175 OBS-URL: https://build.opensuse.org/package/show/Virtualization/virt-launcher-container?expand=0&rev=25
2022-05-11 04:35:19 +00:00 · 2022-05-11 04:35:19 +00:00 · 7352e5b8cb
commit 7352e5b8cb
parent b1f6c49373
2 changed files with 11 additions and 0 deletions
--- a/6
+++ b/6
@ -76,4 +76,10 @@ COPY augconf /augconf
 RUN augtool -f /augconf
 RUN cd /var && rm -rf run && ln -s ../run .

+# Setup permissions and capabilities for non-root VMIs. KubeVirt sets
+# XDG_* directories to /var/run.
+RUN setcap 'cap_net_bind_service,cap_sys_ptrace=+ep' /usr/bin/virt-launcher && \
+    chmod 0755 /etc/libvirt && \
+    chown qemu:qemu /var/run
+
 ENTRYPOINT [ "/usr/bin/virt-launcher" ]
--- a/virt-launcher-container.changes
+++ b/virt-launcher-container.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Wed Apr 27 16:30:17 UTC 2022 - Vasily Ulyanov <vasily.ulyanov@suse.com>
+
+- Setup permissions and capabilities for non-root VMIs
+
 -------------------------------------------------------------------
 Fri Apr 15 10:50:30 UTC 2022 - Vasily Ulyanov <vasily.ulyanov@suse.com>