A while ago, commit 32a9aac2e04c991340b66c855a1095e4e6445e54 changed
the folders used to keep information in user home directories. As
this can still cause problems, mainly with older SELinux policies,
make this change optional via the new configure option
'--disable-xdg'.
---
Sorry for not splitting this patch, but either having the option and
not making it work or the other way around is pretty bad (and having
it in repo as a commit even worse).
configure.ac | 14 +++++++
daemon/Makefile.am | 2 +
daemon/libvirtd-config.c | 11 ++++++
daemon/libvirtd.c | 84 +++++++++++++++++++++++++++++++++++++-----
daemon/libvirtd.pod.in | 6 +--
libvirt.spec.in | 11 ++++++
src/libvirt.c | 19 ++++++++--
src/network/bridge_driver.c | 22 ++++++++++-
src/nwfilter/nwfilter_driver.c | 15 +++++++-
src/qemu/qemu_driver.c | 55 ++++++++++++++++++---------
src/remote/remote_driver.c | 15 +++++++-
src/secret/secret_driver.c | 13 +++++++
src/uml/uml_driver.c | 14 +++++++
src/util/virauth.c | 8 ++++
tools/virsh.c | 13 +++++++
15 files changed, 263 insertions(+), 39 deletions(-)
diff --git a/configure.ac b/configure.ac
index ee51bb6..cacdefe 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2545,6 +2545,20 @@ if test "$enable_locking" = "yes"; then
fi
AM_CONDITIONAL([WITH_CIL],[test "$enable_locking" = "yes"])
+dnl --enable-xdg=(yes|no)
+AC_ARG_ENABLE([xdg],
+ [AC_HELP_STRING([--disable-xdg],
+ [disable using XDG folders])],
+ [], [enable_xdg=yes])
+if test x"$enable_xdg" = x"yes"; then
+ AC_DEFINE([ENABLE_XDG], [], [whether to use XDG folders])
+ AC_SUBST([userconfdir], [[XDG_CONFIG_DIR/libvirt]])
+ AC_SUBST([userrundir], [[XDG_RUNTIME_DIR/libvirt]])
+else
+ AC_SUBST([userconfdir], [[HOME/.libvirt]])
+ AC_SUBST([userrundir], [HOME/.libvirt])
+fi
+
dnl Enable building libvirtd?
AM_CONDITIONAL([WITH_LIBVIRTD],[test "x$with_libvirtd" = "xyes"])
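Review bot: The enabled branch substitutes `XDG_CONFIG_DIR/libvirt` for `userconfdir`, but the variable named in the daemon's own usage text elsewhere in this patch is `XDG_CONFIG_HOME`. The sed rule in daemon/Makefile.am would therefore put a variable that is not consulted into the man page; use `AC_SUBST([userconfdir], [[XDG_CONFIG_HOME/libvirt]])`. The last `AC_SUBST([userrundir], [HOME/.libvirt])` uses single brackets where the other three use double, which is worth making uniform. Because the test is `x"$enable_xdg" = x"yes"`, any other value silently selects the `$HOME/.libvirt` layout; a `dnl` line stating the default and that behaviour would help packagers.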
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 3405c67..1b9ad7c 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -87,6 +87,8 @@ libvirtd.8: $(srcdir)/libvirtd.8.in
sed \
-e 's!SYSCONFDIR!$(sysconfdir)!g' \
-e 's!LOCALSTATEDIR!$(localstatedir)!g' \
+ -e 's!USERCONFDIR!$(userconfdir)!g' \
+ -e 's!USERRUNDIR!$(userrundir)!g' \
< $< > $@-t
mv $@-t $@
diff --git a/daemon/libvirtd-config.c b/daemon/libvirtd-config.c
index d9dfea1..227147d 100644
--- a/daemon/libvirtd-config.c
+++ b/daemon/libvirtd-config.c
@@ -203,6 +203,7 @@ daemonConfigFilePath(bool privileged, char **configfile)
} else {
char *configdir = NULL;
+#ifdef ENABLE_XDG
if (!(configdir = virGetUserConfigDirectory()))
goto error;
@@ -210,6 +211,16 @@ daemonConfigFilePath(bool privileged, char **configfile)
VIR_FREE(configdir);
goto no_memory;
}
+#else
+ if (!(configdir = virGetUserDirectory()))
+ goto error;
+
+ if (virAsprintf(configfile, "%s/.libvirt/libvirtd.conf", configdir)
< 0) {
+ VIR_FREE(configdir);
+ goto no_memory;
+ }
+#endif
+
VIR_FREE(configdir);
}
diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
index b49acc5..c87039e 100644
--- a/daemon/libvirtd.c
+++ b/daemon/libvirtd.c
@@ -245,6 +245,8 @@ daemonPidFilePath(bool privileged,
goto no_memory;
} else {
char *rundir = NULL;
+
+#ifdef ENABLE_XDG
mode_t old_umask;
if (!(rundir = virGetUserRuntimeDirectory()))
@@ -261,6 +263,15 @@ daemonPidFilePath(bool privileged,
VIR_FREE(rundir);
goto no_memory;
}
+#else
+ if (!(rundir = virGetUserDirectory()))
+ goto error;
+
+ if (virAsprintf(pidfile, "%s/.libvirt/libvirtd.pid", rundir) < 0) {
+ VIR_FREE(rundir);
+ goto no_memory;
+ }
+#endif
VIR_FREE(rundir);
}
@@ -293,8 +304,9 @@ daemonUnixSocketPaths(struct daemonConfig *config,
goto no_memory;
} else {
char *rundir = NULL;
- mode_t old_umask;
+#ifdef ENABLE_XDG
+ mode_t old_umask;
if (!(rundir = virGetUserRuntimeDirectory()))
goto error;
@@ -309,6 +321,15 @@ daemonUnixSocketPaths(struct daemonConfig *config,
VIR_FREE(rundir);
goto no_memory;
}
+#else
+ if (!(rundir = virGetUserDirectory()))
+ goto error;
+
+ if (virAsprintf(sockfile, "(a)%s/.libvirt/libvirt-sock", rundir) <
0) {
+ VIR_FREE(rundir);
+ goto no_memory;
+ }
+#endif
VIR_FREE(rundir);
}
@@ -663,10 +684,12 @@ daemonSetupLogging(struct daemonConfig *config,
LOCALSTATEDIR) == -1)
goto no_memory;
} else {
- char *logdir = virGetUserCacheDirectory();
+ char *logdir = NULL;
+
+#ifdef ENABLE_XDG
mode_t old_umask;
- if (!logdir)
+ if (!(logdir = virGetUserCacheDirectory()))
goto error;
old_umask = umask(077);
@@ -681,6 +704,17 @@ daemonSetupLogging(struct daemonConfig *config,
VIR_FREE(logdir);
goto no_memory;
}
+#else
+ if (!(logdir = virGetUserDirectory()))
+ goto error;
+
+ if (virAsprintf(&tmp, "%d:file:%s/.libvirt/libvirtd.log",
+ virLogGetDefaultPriority(), logdir) == -1) {
+ VIR_FREE(logdir);
+ goto no_memory;
+ }
+#endif
+
VIR_FREE(logdir);
}
} else {
@@ -801,6 +835,7 @@ static int daemonStateInit(virNetServerPtr srv)
return 0;
}
+#ifdef ENABLE_XDG
static int migrateProfile(void)
{
char *old_base = NULL;
@@ -876,6 +911,7 @@ static int migrateProfile(void)
return ret;
}
+#endif
/* Print command-line usage. */
static void
@@ -926,14 +962,14 @@ libvirt management daemon:\n"), argv0);
LOCALSTATEDIR);
} else {
fprintf(stderr,
- "%s", _("\n\
+ _("\n\
Default paths:\n\
\n\
Configuration file (unless overridden by -f):\n\
- $XDG_CONFIG_HOME/libvirt/libvirtd.conf\n\
+ %s/libvirtd.conf\n\
\n\
Sockets:\n\
- $XDG_RUNTIME_DIR/libvirt/libvirt-sock (in UNIX abstract namespace)\n\
+ %s/libvirt-sock (in UNIX abstract namespace)\n \
\n\
TLS:\n\
CA certificate: $HOME/.pki/libvirt/cacert.pem\n\
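Review bot: The rewritten socket line ends in `\n \` instead of `\n\`, so the output gains a stray leading space on the following line and the translatable msgid changes for no reason; the PID-file line in the next hunk has the same problem. Use `%s/libvirt-sock (in UNIX abstract namespace)\n\` and `%s/libvirtd.pid\n\`. The call also changes from `fprintf(stderr, "%s", _(...))` to passing the translated string as the format, so a catalogue entry with the wrong number of `%s` directives would read missing arguments. A translator comment such as `/* three %s: config dir, socket dir, pid-file dir */` above the string would make that contract explicit. The enclosing function starts outside the hunk.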
@@ -941,8 +977,18 @@ libvirt management daemon:\n"), argv0);
Server private key: $HOME/.pki/libvirt/serverkey.pem\n\
\n\
PID file:\n\
- $XDG_RUNTIME_DIR/libvirt/libvirtd.pid\n\
-\n"));
+ %s/libvirtd.pid\n \
+\n"),
+#ifdef ENABLE_XDG
+ "$XDG_CONFIG_HOME/libvirt",
+ "$XDG_RUNTIME_DIR/libvirt",
+ "$XDG_RUNTIME_DIR/libvirt"
+#else
+ "$HOME/.libvirt",
+ "$HOME/.libvirt",
+ "$HOME/.libvirt"
+#endif
+ );
}
}
@@ -1115,11 +1161,13 @@ int main(int argc, char **argv) {
exit(EXIT_FAILURE);
}
+#ifdef ENABLE_XDG
if (!privileged &&
migrateProfile() < 0) {
VIR_ERROR(_("Exiting due to failure to migrate profile"));
exit(EXIT_FAILURE);
}
+#endif
if (config->host_uuid &&
virSetHostUUIDStr(config->host_uuid) < 0) {
@@ -1170,22 +1218,38 @@ int main(int argc, char **argv) {
if (privileged) {
run_dir = strdup(LOCALSTATEDIR "/run/libvirt");
} else {
+#ifdef ENABLE_XDG
run_dir = virGetUserRuntimeDirectory();
if (!run_dir) {
VIR_ERROR(_("Can't determine user directory"));
goto cleanup;
}
+#else
+ char *user_dir = virGetUserDirectory();
+
+ if (!user_dir) {
+ VIR_ERROR(_("Can't determine user directory"));
+ goto cleanup;
+ }
+ ignore_value(virAsprintf(&run_dir, "%s/.libvirt/", user_dir));
+ VIR_FREE(user_dir);
+#endif
}
if (!run_dir) {
virReportOOMError();
goto cleanup;
}
- if (privileged)
+ if (privileged) {
old_umask = umask(022);
- else
+ } else {
+#ifdef ENABLE_XDG
old_umask = umask(077);
+#else
+ old_umask = umask(022);
+#endif
+ }
VIR_DEBUG("Ensuring run dir '%s' exists", run_dir);
if (virFileMakePath(run_dir) < 0) {
char ebuf[1024];
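Review bot: In the `#else` branch the unprivileged daemon creates its run directory under `umask(022)`, and in the non-XDG layout that directory is `$HOME/.libvirt/` itself. The other hunks of this patch use the same base for `libvirtd.log`, `auth.conf` and the `secrets` directory, so it would be created readable and traversable by other local users. Unless an older release depended on that mode (not visible here), keep `old_umask = umask(077);` for the session daemon in both layouts, or add a comment explaining why 022 is needed. `ignore_value(virAsprintf(&run_dir, ...))` also depends on `run_dir` being left NULL on failure for the following `if (!run_dir)` check to fire, which deserves a one-line comment. main() continues outside the hunk.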
diff --git a/daemon/libvirtd.pod.in b/daemon/libvirtd.pod.in
index 930b752..82cb14f 100644
--- a/daemon/libvirtd.pod.in
+++ b/daemon/libvirtd.pod.in
@@ -112,12 +112,12 @@ The PID file to use, unless overridden by the
B<-p>|B<--pid-file> option.
=over
-=item F<$XDG_CONFIG_HOME/libvirtd.conf>
+=item F<$USERCONFDIR/libvirtd.conf>
The default configuration file used by libvirtd, unless overridden on the
command line using the B<-f>|B<--config> option.
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirt-sock>
+=item F<$USERRUNDIR/libvirt-sock>
The socket libvirtd will use.
@@ -133,7 +133,7 @@ The TLS B<Server> certificate libvirtd will use.
The TLS B<Server> private key libvirtd will use.
-=item F<$XDG_RUNTIME_DIR/libvirt/libvirtd.pid>
+=item F<$USERRUNDIR/libvirtd.pid>
The PID file to use, unless overridden by the B<-p>|B<--pid-file> option.
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 318fe92..0ec7e03 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -305,6 +305,12 @@
%endif
+# Don't change user directories in older RHELs
+%if 0%{?rhel} <= 6
+%define
+%endif
+
+
# The RHEL-5 Xen package has some feature backports. This
# flag is set to enable use of those special bits on RHEL-5
%if 0%{?rhel} == 5
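Review bot: The added `%define` has no macro name or value, and `%{disable_xdg}`, tested by `%if %{disable_xdg}` in the next hunk, is not defined anywhere in this patch, so the spec will likely fail to parse. Define a default before the conditional with `%define disable_xdg 0` and set `%define disable_xdg 1` inside it. The guard `%if 0%{?rhel} <= 6` is also true when `rhel` is undefined, since it evaluates as `0 <= 6`, which would switch XDG off on non-RHEL builds. `%if 0%{?rhel} && 0%{?rhel} <= 6` limits it to older RHEL, as the comment intends.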
@@ -1210,6 +1216,10 @@ of recent versions of Linux (and other OSes).
%define _with_firewalld --with-firewalld
%endif
+%if %{disable_xdg}
+%define _disable_xdg --enable-xdg=no
+%endif
+
%define when %(date +"%%F-%%T")
%define where %(hostname)
%define who %{?packager}%{!?packager:Unknown}
@@ -1278,6 +1288,7 @@ autoreconf -if
%{?_without_dtrace} \
%{?_without_driver_modules} \
%{?_with_firewalld} \
+ %{?_disable_xdg} \
%{with_packager} \
%{with_packager_version} \
--with-qemu-user=%{qemu_user} \
diff --git a/src/libvirt.c b/src/libvirt.c
index 76e4401..4a15808 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -922,15 +922,26 @@ virConnectGetConfigFilePath(void)
SYSCONFDIR) < 0)
goto no_memory;
} else {
- char *userdir = virGetUserConfigDirectory();
- if (!userdir)
+ char *userdir = NULL;
+
+#ifdef ENABLE_XDG
+ if (!(userdir = virGetUserConfigDirectory()))
goto error;
- if (virAsprintf(&path, "%s/libvirt.conf",
- userdir) < 0) {
+ if (virAsprintf(&path, "%s/libvirt.conf", userdir) < 0) {
VIR_FREE(userdir);
goto no_memory;
}
+#else
+ if (!(userdir = virGetUserDirectory()))
+ goto error;
+
+ if (virAsprintf(&path, "%s/.libvirt/libvirt.conf", userdir) < 0)
{
+ VIR_FREE(userdir);
+ goto no_memory;
+ }
+#endif
+
VIR_FREE(userdir);
}
diff --git a/src/network/bridge_driver.c b/src/network/bridge_driver.c
index e1846ee..874b3be 100644
--- a/src/network/bridge_driver.c
+++ b/src/network/bridge_driver.c
@@ -302,9 +302,10 @@ networkStartup(int privileged) {
if ((base = strdup (SYSCONFDIR "/libvirt")) == NULL)
goto out_of_memory;
} else {
- char *userdir = virGetUserCacheDirectory();
+ char *userdir = NULL;
- if (!userdir)
+#ifdef ENABLE_XDG
+ if (!(userdir = virGetUserCacheDirectory()))
goto error;
if (virAsprintf(&driverState->logDir,
@@ -320,6 +321,23 @@ networkStartup(int privileged) {
goto out_of_memory;
}
VIR_FREE(userdir);
+#else
+ if (!(userdir = virGetUserDirectory()))
+ goto error;
+
+ if (virAsprintf(&driverState->logDir,
+ "%s/.libvirt/qemu/log", userdir) == -1) {
+ VIR_FREE(userdir);
+ goto out_of_memory;
+ }
+
+ if (virAsprintf(&base, "%s/.libvirt", userdir) == -1) {
+ VIR_FREE(userdir);
+ goto out_of_memory;
+ }
+ VIR_FREE(userdir);
+#endif
+
}
/* Configuration paths are either ~/.libvirt/qemu/... (session) or
diff --git a/src/nwfilter/nwfilter_driver.c b/src/nwfilter/nwfilter_driver.c
index a80bb66..b0be1c6 100644
--- a/src/nwfilter/nwfilter_driver.c
+++ b/src/nwfilter/nwfilter_driver.c
@@ -2,7 +2,7 @@
* nwfilter_driver.c: core driver for network filter APIs
* (based on storage_driver.c)
*
- * Copyright (C) 2006-2011 Red Hat, Inc.
+ * Copyright (C) 2006-2012 Red Hat, Inc.
* Copyright (C) 2006-2008 Daniel P. Berrange
* Copyright (C) 2010 IBM Corporation
* Copyright (C) 2010 Stefan Berger
@@ -219,9 +219,22 @@ nwfilterDriverStartup(int privileged)
if ((base = strdup (SYSCONFDIR "/libvirt")) == NULL)
goto out_of_memory;
} else {
+#ifdef ENABLE_XDG
base = virGetUserConfigDirectory();
if (!base)
goto error;
+#else
+ char *userdir = virGetUserDirectory();
+
+ if (!userdir)
+ goto error;
+
+ if (virAsprintf(&base, "%s/.libvirt", userdir) == -1) {
+ VIR_FREE(userdir);
+ goto out_of_memory;
+ }
+ VIR_FREE(userdir);
+#endif
}
if (virAsprintf(&driverState->configDir,
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c
index decf0fb..cc8185d 100644
--- a/src/qemu/qemu_driver.c
+++ b/src/qemu/qemu_driver.c
@@ -659,36 +659,57 @@ qemudStartup(int privileged) {
"%s/lib/libvirt/qemu/dump", LOCALSTATEDIR) == -1)
goto out_of_memory;
} else {
- char *rundir;
- char *cachedir;
+ char *tmpdir;
- cachedir = virGetUserCacheDirectory();
- if (!cachedir)
+#ifdef ENABLE_XDG
+ base = virGetUserConfigDirectory();
+ if (!base)
+ goto error;
+
+ tmpdir = virGetUserCacheDirectory();
+ if (!tmpdir)
goto error;
if (virAsprintf(&qemu_driver->logDir,
- "%s/qemu/log", cachedir) == -1) {
- VIR_FREE(cachedir);
+ "%s/qemu/log", tmpdir) == -1) {
+ VIR_FREE(tmpdir);
goto out_of_memory;
}
- if (virAsprintf(&qemu_driver->cacheDir, "%s/qemu/cache",
cachedir) == -1) {
- VIR_FREE(cachedir);
+ if (virAsprintf(&qemu_driver->cacheDir, "%s/qemu/cache", tmpdir)
== -1) {
+ VIR_FREE(tmpdir);
goto out_of_memory;
}
- VIR_FREE(cachedir);
+ VIR_FREE(tmpdir);
- rundir = virGetUserRuntimeDirectory();
- if (!rundir)
+ tmpdir = virGetUserRuntimeDirectory();
+ if (!tmpdir)
goto error;
- if (virAsprintf(&qemu_driver->stateDir, "%s/qemu/run", rundir)
== -1) {
- VIR_FREE(rundir);
+ if (virAsprintf(&qemu_driver->stateDir, "%s/qemu/run", tmpdir)
== -1) {
+ VIR_FREE(tmpdir);
goto out_of_memory;
}
- VIR_FREE(rundir);
-
- base = virGetUserConfigDirectory();
- if (!base)
+ VIR_FREE(tmpdir);
+#else
+ if (!(tmpdir = virGetUserDirectory()))
goto error;
+
+ if (virAsprintf(&qemu_driver->logDir,
+ "%s/.libvirt/qemu/log", tmpdir) == -1) {
+ VIR_FREE(tmpdir);
+ goto out_of_memory;
+ }
+
+ if (virAsprintf(&base, "%s/.libvirt", tmpdir) == -1) {
+ VIR_FREE(tmpdir);
+ goto out_of_memory;
+ }
+
+ if (virAsprintf(&qemu_driver->stateDir, "%s/qemu/run", base) ==
-1)
+ goto out_of_memory;
+ if (virAsprintf(&qemu_driver->cacheDir, "%s/qemu/cache", base)
== -1)
+ goto out_of_memory;
+#endif
+
if (virAsprintf(&qemu_driver->libDir, "%s/qemu/lib", base) ==
-1)
goto out_of_memory;
if (virAsprintf(&qemu_driver->saveDir, "%s/qemu/save", base) ==
-1)
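Review bot: The `#else` branch never releases `tmpdir` once `base` has been built. The two failure paths above free it, but the success path and the later `stateDir`/`cacheDir` failure paths leak the string returned by virGetUserDirectory(). Add `VIR_FREE(tmpdir);` right after the `virAsprintf(&base, "%s/.libvirt", tmpdir)` check, as the XDG branch does after each use. `tmpdir` is also declared without an initialiser, and `char *tmpdir = NULL;` would match the other drivers touched by this patch. qemudStartup continues outside the hunk.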
diff --git a/src/remote/remote_driver.c b/src/remote/remote_driver.c
index fc4c696..1b6a360 100644
--- a/src/remote/remote_driver.c
+++ b/src/remote/remote_driver.c
@@ -640,15 +640,26 @@ doRemoteOpen(virConnectPtr conn,
case trans_unix:
if (!sockname) {
if (flags & VIR_DRV_OPEN_REMOTE_USER) {
- char *userdir = virGetUserRuntimeDirectory();
+ char *userdir = NULL;
- if (!userdir)
+# ifdef ENABLE_XDG
+ if (!(userdir = virGetUserRuntimeDirectory()))
goto failed;
if (virAsprintf(&sockname, "%s/" LIBVIRTD_USER_UNIX_SOCKET,
userdir) < 0) {
VIR_FREE(userdir);
goto no_memory;
}
+# else
+ if (!(userdir = virGetUserDirectory()))
+ goto failed;
+
+ if (virAsprintf(&sockname, "%s/.libvirt/"
LIBVIRTD_USER_UNIX_SOCKET, userdir) < 0) {
+ VIR_FREE(userdir);
+ goto no_memory;
+ }
+# endif
+
VIR_FREE(userdir);
} else {
if (flags & VIR_DRV_OPEN_REMOTE_RO)
diff --git a/src/secret/secret_driver.c b/src/secret/secret_driver.c
index 9ce1e33..846b5cc 100644
--- a/src/secret/secret_driver.c
+++ b/src/secret/secret_driver.c
@@ -1091,9 +1091,22 @@ secretDriverStartup(int privileged)
if (base == NULL)
goto out_of_memory;
} else {
+#ifdef ENABLE_XDG
base = virGetUserConfigDirectory();
if (!base)
goto error;
+#else
+ char *userdir = virGetUserDirectory();
+
+ if (!userdir)
+ goto error;
+
+ if (virAsprintf(&base, "%s/.libvirt", userdir) == -1) {
+ VIR_FREE(userdir);
+ goto out_of_memory;
+ }
+ VIR_FREE(userdir);
+#endif
}
if (virAsprintf(&driverState->directory, "%s/secrets", base) == -1)
goto out_of_memory;
diff --git a/src/uml/uml_driver.c b/src/uml/uml_driver.c
index c341fab..1cc5c20 100644
--- a/src/uml/uml_driver.c
+++ b/src/uml/uml_driver.c
@@ -462,9 +462,23 @@ umlStartup(int privileged)
"%s/run/libvirt/uml-guest", LOCALSTATEDIR) == -1)
goto out_of_memory;
} else {
+
+#ifdef ENABLE_XDG
base = virGetUserConfigDirectory();
if (!base)
goto error;
+#else
+ userdir = virGetUserDirectory();
+
+ if (!userdir)
+ goto error;
+
+ if (virAsprintf(&base, "%s/.libvirt", userdir) == -1) {
+ VIR_FREE(userdir);
+ goto out_of_memory;
+ }
+ VIR_FREE(userdir);
+#endif
if (virAsprintf(¨_driver->logDir,
"%s/uml/log", base) == -1)
diff --git a/src/util/virauth.c b/src/util/virauth.c
index 6d9935d..a5dbc1f 100644
--- a/src/util/virauth.c
+++ b/src/util/virauth.c
@@ -68,11 +68,19 @@ int virAuthGetConfigFilePath(virConnectPtr conn,
}
}
+#ifdef ENABLE_XDG
if (!(userdir = virGetUserConfigDirectory()))
goto cleanup;
if (virAsprintf(path, "%s/auth.conf", userdir) < 0)
goto no_memory;
+#else
+ if (!(userdir = virGetUserDirectory()))
+ goto cleanup;
+
+ if (virAsprintf(path, "%s/.libvirt/auth.conf", userdir) < 0)
+ goto no_memory;
+#endif
VIR_DEBUG("Checking for readability of '%s'", *path);
if (access(*path, R_OK) == 0)
diff --git a/tools/virsh.c b/tools/virsh.c
index f0ec625..2d0e62b 100644
--- a/tools/virsh.c
+++ b/tools/virsh.c
@@ -2465,18 +2465,31 @@ vshReadlineInit(vshControl *ctl)
stifle_history(500);
/* Prepare to read/write history from/to the $XDG_CACHE_HOME/virsh/history file */
+
+# ifdef ENABLE_XDG
userdir = virGetUserCacheDirectory();
+# else
+ userdir = virGetUserDirectory();
+# endif
if (userdir == NULL) {
vshError(ctl, "%s", _("Could not determine home
directory"));
return -1;
}
+# ifdef ENABLE_XDG
if (virAsprintf(&ctl->historydir, "%s/virsh", userdir) < 0) {
vshError(ctl, "%s", _("Out of memory"));
VIR_FREE(userdir);
return -1;
}
+# else
+ if (virAsprintf(&ctl->historydir, "%s/.virsh", userdir) < 0) {
+ vshError(ctl, "%s", _("Out of memory"));
+ VIR_FREE(userdir);
+ return -1;
+ }
+# endif
if (virAsprintf(&ctl->historyfile, "%s/history", ctl->historydir)
< 0) {
vshError(ctl, "%s", _("Out of memory"));
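Review bot: The comment above this block still says history lives in `$XDG_CACHE_HOME/virsh/history`, which holds only when ENABLE_XDG is defined; otherwise the path built here is `$HOME/.virsh/history`. Reword it to `/* Prepare to read/write history from/to $XDG_CACHE_HOME/virsh/history, or $HOME/.virsh/history when built with --disable-xdg */`. The two `virAsprintf(&ctl->historydir, ...)` blocks differ only in the format string, so one call with the format chosen by the `#ifdef` would avoid duplicating the error handling. vshReadlineInit continues outside the hunk.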
--
1.7.12.3