On Thu, 2016-07-07 at 17:41 +0200, Jaroslav Suchanek wrote:
Follow the same logic for adding qemu user also for kvm and qemu
groups. As
is described in
https://fedoraproject.org/wiki/Packaging:UsersAndGroups
document there should be preallocated UIDs and GIDs for libvirt. A check for
required group id was added prior groupadd execution.
Resolves:
https://bugzilla.redhat.com/show_bug.cgi?id=1351792
---
libvirt.spec.in | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 2b98836..3dc3193 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1464,8 +1464,20 @@ fi
# We want soft static allocation of well-known ids, as disk images
# are commonly shared across NFS mounts by id rather than name; see
#
https://fedoraproject.org/wiki/Packaging:UsersAndGroups
-getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
-getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
+if ! getent group kvm >/dev/null; then
+ if ! getent group 36 >/dev/null; then
+ groupadd -f -g 36 -r kvm
+ else
+ groupadd -f -r kvm
+ fi
+fi
+if ! getent group qemu >/dev/null; then
+ if ! getent group 107 >/dev/null; then
+ groupadd -f -g 107 -r qemu
+ else
+ groupadd -f -r qemu
+ fi
+fi
if ! getent passwd qemu >/dev/null; then
if ! getent passwd 107 >/dev/null; then
useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
There's no need to do that, as groupadd's -f flag already
does what you want in this situation:
When used with -g, and the specified GID already exists,
another (unique) GID is chosen
The commit that fixed the allocation issue is
commit a2584d58f6f7d941b960f996c8e26df8294b79b9
Author: Eric Blake <eblake(a)redhat.com>
Date: Wed May 1 14:28:43 2013 -0600
spec: proper soft static allocation of qemu uid
https://bugzilla.redhat.com/show_bug.cgi?id=924501 tracks a
problem that occurs if uid 107 is already in use at the time
libvirt is first installed. In response that problem, Fedora
packaging guidelines were recently updated. This fixes the
spec file to comply with the new guidelines:
https://fedoraproject.org/wiki/Packaging:UsersAndGroups
* libvirt.spec.in (daemon): Follow updated Fedora guidelines.
Signed-off-by: Eric Blake <eblake(a)redhat.com>
v1.0.5-35-ga2584d5
which has been backported to the v0.10.2-maint branch as
well. So downstream just need to pick up that commit :)
NACK
--
Andrea Bolognani / Red Hat / Virtualization