[libvirt] [PATCH] qemu: pass "-1" as uid/gid for unprivileged qemu

so we don't try to change uid/gid to 0 when probing capabilities.
---
On Fri, Feb 15, 2013 at 11:20:17PM -0600, Doug Goldstein wrote:
The following error bisects down to this commit when running out of my local checkout for testing.
2013-02-16 05:16:55.102+0000: 29992: error : virCommandWait:2270 : internal error Child process (LC_ALL=C LD_LIBRARY_PATH=/home/cardoe/work/libvirt/src/.libs PATH=/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/games/bin HOME=/home/cardoe USER=cardoe LOGNAME=cardoe /usr/bin/qemu-kvm -help) unexpected exit status 1: libvir: error : internal error cannot apply process capabilities -1
This is due to: debug : virExec:641 : Setting child uid:gid to 0:0 with caps 0 We're trying to change capabilities even on qemu:///session. This unbreaks the libvirt-tck jenkins test suite as well. src/qemu/qemu_driver.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 23499ef..dc35b91 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -556,6 +556,8 @@ qemuStartup(bool privileged, char *membase = NULL; char *mempath = NULL; virQEMUDriverConfigPtr cfg; + uid_t run_uid = -1; + gid_t run_gid = -1; if (VIR_ALLOC(qemu_driver) < 0) return -1; @@ -707,11 +709,13 @@ qemuStartup(bool privileged, cfg->snapshotDir, cfg->user, cfg->group); goto error; } + run_uid = cfg->user; + run_gid = cfg->group; } qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir, - cfg->user, - cfg->group); + run_uid, + run_gid); if (!qemu_driver->qemuCapsCache) goto error; -- 1.7.10.4
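Review bot: In the first hunk (@@ -556,6 +556,8 @@) the initializers `uid_t run_uid = -1;` and `gid_t run_gid = -1;` rely on an implicit conversion of -1 into types that are normally unsigned, and nothing in the code says that this value means "leave the child's uid/gid alone". Spell them `(uid_t)-1` and `(gid_t)-1` and add a one-line comment naming the value as the don't-change sentinel for the unprivileged (qemu:///session) case, so that a later cleanup does not turn it back into 0.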
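Review bot: In the second hunk (@@ -707,11 +709,13 @@) only the `virQEMUCapsCacheNew()` call is switched to `run_uid`/`run_gid`; `cfg->user` and `cfg->group` themselves still hold the values that produced the "Setting child uid:gid to 0:0" debug line quoted above. Any other caller that hands `cfg->user`/`cfg->group` to a child process in session mode would hit the same failure, so either store -1 in `cfg` for the unprivileged case instead of carrying two locals, or state in the commit message that the capabilities cache is the only consumer affected. A short comment above `run_uid = cfg->user;` saying that the block it closes is the one reached only when `privileged` is true would also help, since the condition is outside the visible context.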

On Sun, Feb 17, 2013 at 11:33 AM, Guido Günther <agx@sigxcpu.org> wrote:
so we don't try to change uid/gid to 0 when probing capabilities.
---
On Fri, Feb 15, 2013 at 11:20:17PM -0600, Doug Goldstein wrote:
The following error bisects down to this commit when running out of my local checkout for testing.
2013-02-16 05:16:55.102+0000: 29992: error : virCommandWait:2270 : internal error Child process (LC_ALL=C LD_LIBRARY_PATH=/home/cardoe/work/libvirt/src/.libs PATH=/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/games/bin HOME=/home/cardoe USER=cardoe LOGNAME=cardoe /usr/bin/qemu-kvm -help) unexpected exit status 1: libvir: error : internal error cannot apply process capabilities -1
This is due to:
debug : virExec:641 : Setting child uid:gid to 0:0 with caps 0
We're trying to change capabilities even on qemu:///session. This unbreaks the libvirt-tck jenkins test suite as well.
src/qemu/qemu_driver.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c index 23499ef..dc35b91 100644 --- a/src/qemu/qemu_driver.c +++ b/src/qemu/qemu_driver.c @@ -556,6 +556,8 @@ qemuStartup(bool privileged, char *membase = NULL; char *mempath = NULL; virQEMUDriverConfigPtr cfg; + uid_t run_uid = -1; + gid_t run_gid = -1;
if (VIR_ALLOC(qemu_driver) < 0) return -1; @@ -707,11 +709,13 @@ qemuStartup(bool privileged, cfg->snapshotDir, cfg->user, cfg->group); goto error; } + run_uid = cfg->user; + run_gid = cfg->group; }
qemu_driver->qemuCapsCache = virQEMUCapsCacheNew(cfg->libDir, - cfg->user, - cfg->group); + run_uid, + run_gid); if (!qemu_driver->qemuCapsCache) goto error;
-- 1.7.10.4
ACK. Resolves the issue for me and the change looks good.
-- Doug Goldstein

On Sun, Feb 17, 2013 at 7:12 PM, Doug Goldstein <cardoe@gentoo.org> wrote:
ACK. Resolves the issue for me and the change looks good.
-- Doug Goldstein
Thanks. Pushed. -- Doug Goldstein