On Mon, Feb 05, 2024 at 03:10:41PM +0100, Peter Krempa wrote:
On Fri, Feb 02, 2024 at 18:59:44 -0000, tim(a)siosm.fr wrote:
> Install a systemd sysusers config file for the qemu & kvm user/groups.
>
> We can not use the sysusers_create_compat macro in the RPM specfile to
> create those users as we want to keep the specfile standalone and not
> relying on additional files.
>
> Update the specfile to make the commands closer to what is generated by
> the current macro.
>
> See: https://src.fedoraproject.org/rpms/libvirt/pull-request/22
> See: https://gitlab.com/libvirt/libvirt/-/merge_requests/319
> See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/
>
> Based on previous work by: Peter Krempa <pkrempa(a)redhat.com>
> Signed-off-by: Timothée Ravier <tim(a)siosm.fr>
> ---
> libvirt.spec.in | 21 +++++++++++++--------
> src/qemu/libvirt-qemu.sysusers.conf | 4 ++++
> src/qemu/meson.build | 7 +++++++
> 3 files changed, 24 insertions(+), 8 deletions(-)
> create mode 100644 src/qemu/libvirt-qemu.sysusers.conf
Reviewed-by: Peter Krempa <pkrempa(a)redhat.com>

Unfortunately I failed to notice this before it had already made it
into a release...

> +++ b/src/qemu/libvirt-qemu.sysusers.conf
> @@ -0,0 +1,4 @@
> +g kvm 36
> +g qemu 107
> +u qemu 107:qemu "qemu user" - -
> +m qemu kvm
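
Review bot: the account names (qemu, kvm) and numeric IDs (36, 107) on all four added lines are hard-coded, so this file only matches a build whose QEMU account is actually named qemu. Consider generating the file from the qemu_user and qemu_group meson options instead of shipping it as a static file, and installing it only when an explicit option enables it; otherwise a build configured for a different account would also get an extra qemu user and group created at install time. A leading comment in the file stating where the IDs 36 and 107 come from would also help.
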
These values are fine for Fedora/RHEL, but not elsewhere. For
example, Debian would need something like

  g libvirt-qemu 64055
  u libvirt-qemu 64055:libvirt-qemu

instead.

If you look at meson.build, you will see that we detect a number of
operating systems/distributions in order to integrate as smoothly as
possible with them. This can potentially break that, or at the very
least make things quite confusing by virtue of more than one "QEMU
user" existing on the system.

Additionally, it completely fails to account for the qemu_user and
qemu_group meson options, which have been around forever and can take
arbitrary values.

At the very least, installing this file needs to be gated behind a
meson option that is off by default. A more complete solution that
integrates properly with the existing facilities will require further
work.

--
Andrea Bolognani / Red Hat / Virtualization
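
An added example, not part of the original message or of libvirt's code: a small check that parses a sysusers.d fragment and compares the accounts it declares with the account names a build was configured for. The function names are hypothetical, the `qemu_user`/`qemu_group` arguments stand in for the meson options of the same name, and the Debian-style name is the one quoted in the reply above.

```python
import shlex

# The four lines added by the patch under discussion.
SHIPPED = '''\
g kvm 36
g qemu 107
u qemu 107:qemu "qemu user" - -
m qemu kvm
'''


def parse_sysusers(text):
    """Return (users, groups, memberships) declared in sysusers.d text."""
    users, groups, members = {}, {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps the quoted GECOS field as one item
        kind, name = fields[0], fields[1]
        ident = fields[2] if len(fields) > 2 else "-"
        if kind == "u":
            users[name] = ident
        elif kind == "g":
            groups[name] = ident
        elif kind == "m":
            members.append((name, ident))  # (user, group it is added to)
    return users, groups, members


def mismatches(text, qemu_user, qemu_group):
    """List differences between declared accounts and the configured ones."""
    users, groups, _ = parse_sysusers(text)
    problems = []
    for name in users:
        if name != qemu_user:
            problems.append(f"user {name!r} declared, build expects {qemu_user!r}")
    if qemu_user not in users:
        problems.append(f"user {qemu_user!r} not declared")
    if qemu_group not in groups:
        problems.append(f"group {qemu_group!r} not declared")
    return problems


if __name__ == "__main__":
    # Assumed option values: Fedora-style, then the Debian-style name.
    for user, group in (("qemu", "qemu"), ("libvirt-qemu", "libvirt-qemu")):
        print(user, group, mismatches(SHIPPED, user, group))
```
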