[libvirt PATCH 0/3] rpm: Fix and improve handling of directories

With respect to the permissions topic mentioned in patch 3/3, I'm currently working on some patches that aim to improve that situation as well.

Andrea Bolognani (3):
  rpm: Move /etc/libvirt from -daemon to -libs
  rpm: Move /var/lib/libvirt from -libs to -daemon
  rpm: List more directories

 libvirt.spec.in | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

-- 
2.34.1

Files like libvirt.conf influence the behavior of the library itself. The daemon depends on the library, so the directory is guaranteed to be present both on the client side and on the server side. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- libvirt.spec.in | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 0e6cd13bb2..58c2fafac6 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1651,8 +1651,6 @@ exit 0 %files daemon -%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/ - %{_unitdir}/libvirtd.service %{_unitdir}/libvirtd.socket %{_unitdir}/libvirtd-ro.socket @@ -2019,6 +2017,7 @@ exit 0 %files libs -f %{name}.lang %license COPYING COPYING.LESSER +%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/ %config(noreplace) %{_sysconfdir}/libvirt/libvirt.conf %config(noreplace) %{_sysconfdir}/libvirt/libvirt-admin.conf %{_libdir}/libvirt.so.* -- 2.34.1
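Review bot: The `%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/` line added to `%files libs` keeps the directory root-only, while the two `%config(noreplace)` lines right after it ship `libvirt.conf` and `libvirt-admin.conf` inside that directory, and the commit message describes those files as configuring the library itself. With mode 0700 on the parent, a client process that is not running as root cannot traverse into the directory to read them. If that is intended, the commit message should say so; if not, this move is the natural place to revisit the mode, since the directory is now guaranteed to exist on client-only installs too.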

The server, not the client, uses local storage. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- libvirt.spec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 58c2fafac6..ce82def2af 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1683,6 +1683,7 @@ exit 0 %ghost %dir %{_rundir}/libvirt/ +%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/filesystems/ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/boot/ @@ -2026,7 +2027,6 @@ exit 0 %{_libdir}/libvirt-admin.so.* %dir %{_datadir}/libvirt/ %dir %{_datadir}/libvirt/schemas/ -%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/ %{_datadir}/systemtap/tapset/libvirt_probes*.stp %{_datadir}/systemtap/tapset/libvirt_functions.stp -- 2.34.1
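Review bot: The second hunk drops `%dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/` from the -libs file list without the commit message saying what that means for hosts that have -libs installed but not -daemon: after an upgrade the directory is no longer owned by any installed package there. Please extend the one-line message to state that this is the intended outcome. It would also help to mention that `images/`, `filesystems/` and `boot/` are already listed next to the new line in the first hunk, which is the stronger argument for the parent living in the same package.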

This has two advantages: it makes it possible for the admin to ask rpm what package they belong to, and results in them ending up with stricter permissions than they would have if we let libvirt create them at runtime. Signed-off-by: Andrea Bolognani <abologna@redhat.com> --- libvirt.spec.in | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/libvirt.spec.in b/libvirt.spec.in index ce82def2af..4a56ace1d6 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1682,6 +1682,7 @@ exit 0 %dir %{_datadir}/libvirt/ %ghost %dir %{_rundir}/libvirt/ +%ghost %dir %{_rundir}/libvirt/common/ %dir %attr(0755, root, root) %{_localstatedir}/lib/libvirt/ %dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/ @@ -1758,6 +1759,7 @@ exit 0 %{_unitdir}/virtinterfaced-ro.socket %{_unitdir}/virtinterfaced-admin.socket %attr(0755, root, root) %{_sbindir}/virtinterfaced +%ghost %dir %{_rundir}/libvirt/interface/ %{_libdir}/%{name}/connection-driver/libvirt_driver_interface.so %{_mandir}/man8/virtinterfaced.8* @@ -1793,6 +1795,7 @@ exit 0 %{_unitdir}/virtnodedevd-ro.socket %{_unitdir}/virtnodedevd-admin.socket %attr(0755, root, root) %{_sbindir}/virtnodedevd +%ghost %dir %{_rundir}/libvirt/nodedev/ %{_libdir}/%{name}/connection-driver/libvirt_driver_nodedev.so %{_mandir}/man8/virtnodedevd.8* @@ -1807,6 +1810,8 @@ exit 0 %attr(0755, root, root) %{_sbindir}/virtnwfilterd %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/nwfilter/ %ghost %dir %{_rundir}/libvirt/network/ +%ghost %dir %{_rundir}/libvirt/nwfilter-binding/ +%ghost %dir %{_rundir}/libvirt/nwfilter/ %{_libdir}/%{name}/connection-driver/libvirt_driver_nwfilter.so %{_mandir}/man8/virtnwfilterd.8* 
@@ -1819,6 +1824,8 @@ exit 0 %{_unitdir}/virtsecretd-ro.socket %{_unitdir}/virtsecretd-admin.socket %attr(0755, root, root) %{_sbindir}/virtsecretd +%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/secrets/ +%ghost %dir %{_rundir}/libvirt/secrets/ %{_libdir}/%{name}/connection-driver/libvirt_driver_secret.so %{_mandir}/man8/virtsecretd.8* @@ -1834,6 +1841,9 @@ exit 0 %{_unitdir}/virtstoraged-admin.socket %attr(0755, root, root) %{_sbindir}/virtstoraged %attr(0755, root, root) %{_libexecdir}/libvirt_parthelper +%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/storage/ +%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/storage/autostart/ +%ghost %dir %{_rundir}/libvirt/storage/ %{_libdir}/%{name}/connection-driver/libvirt_driver_storage.so %{_libdir}/%{name}/storage-backend/libvirt_storage_backend_fs.so %{_libdir}/%{name}/storage-file/libvirt_storage_file_fs.so 
@@ -1892,12 +1902,23 @@ exit 0 %{_unitdir}/virtqemud-admin.socket %attr(0755, root, root) %{_sbindir}/virtqemud %dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/ +%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/qemu/autostart/ %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/ %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf %config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu %ghost %dir %{_rundir}/libvirt/qemu/ +%ghost %dir %{_rundir}/libvirt/qemu/dbus/ +%ghost %dir %{_rundir}/libvirt/qemu/slirp/ %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/ +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/channel/target/ +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/checkpoint/ +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/dump/ +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/nvram/ +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ram/ +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/save/ +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/snapshot/ %dir %attr(0750, root, root) %{_localstatedir}/cache/libvirt/qemu/ %{_datadir}/augeas/lenses/libvirtd_qemu.aug %{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug 
@@ -1920,6 +1941,8 @@ exit 0 %{_unitdir}/virtlxcd-admin.socket %attr(0755, root, root) %{_sbindir}/virtlxcd %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/lxc/ +%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/lxc/ +%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/lxc/autostart/ %config(noreplace) %{_sysconfdir}/libvirt/lxc.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.lxc %ghost %dir %{_rundir}/libvirt/lxc/ @@ -1944,11 +1967,17 @@ exit 0 %config(noreplace) %{_sysconfdir}/libvirt/libxl.conf %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.libxl %config(noreplace) %{_sysconfdir}/libvirt/libxl-lockd.conf +%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/libxl/ +%dir %attr(0700, root, root) %{_sysconfdir}/libvirt/libxl/autostart/ %{_datadir}/augeas/lenses/libvirtd_libxl.aug %{_datadir}/augeas/lenses/tests/test_libvirtd_libxl.aug %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/libxl/ %ghost %dir %{_rundir}/libvirt/libxl/ %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/ +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/channel/ +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/channel/target/ +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/dump/ +%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/libxl/save/ %{_libdir}/%{name}/connection-driver/libvirt_driver_libxl.so %{_mandir}/man8/virtxend.8* %endif -- 2.34.1
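Review bot: In the virtqemud hunk the eight new subdirectories of `%{_localstatedir}/lib/libvirt/qemu/` (among them `dump/`, `save/`, `snapshot/`, `ram/` and `nvram/`) all get 0751 with `%{qemu_user}` and `%{qemu_group}`, whereas the libxl hunk gives its `channel/`, `dump/` and `save/` 0700 root:root. Mode 0751 leaves search permission for other users on directories whose names indicate they hold guest state, so either add a short spec comment explaining why the QEMU tree needs the other-execute bit on every level, or consider whether the leaf directories can be 0750.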
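Review bot: The `%ghost %dir %{_rundir}/libvirt/...` lines added throughout these hunks carry no `%attr`, and ghost entries are recorded as owned but are not part of the package payload, so the "stricter permissions" advantage claimed in the commit message applies only to the non-ghost `%dir %attr(...)` lines. The message should make that distinction, since the runtime directories will still be created by libvirt with whatever mode it chooses. Separately, all 29 insertions are `%files` entries and no hunk touches `%install`; rpmbuild fails when a listed directory is missing from the buildroot, so a test build with each driver enabled and disabled is worth running before this is pushed.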

On 2/1/22 18:50, Andrea Bolognani wrote:
> With respect to the permissions topic mentioned in patch 3/3, I'm currently working on some patches that aim to improve that situation as well.
>
> Andrea Bolognani (3):
>   rpm: Move /etc/libvirt from -daemon to -libs
>   rpm: Move /var/lib/libvirt from -libs to -daemon
>   rpm: List more directories
>
>  libvirt.spec.in | 34 +++++++++++++++++++++++++++++++---
>  1 file changed, 31 insertions(+), 3 deletions(-)

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Michal

On Wed, Feb 02, 2022 at 09:46:47AM +0100, Michal Prívozník wrote:
> On 2/1/22 18:50, Andrea Bolognani wrote:
> > With respect to the permissions topic mentioned in patch 3/3, I'm currently working on some patches that aim to improve that situation as well.
> >
> > Andrea Bolognani (3):
> >   rpm: Move /etc/libvirt from -daemon to -libs
> >   rpm: Move /var/lib/libvirt from -libs to -daemon
> >   rpm: List more directories
> >
> >  libvirt.spec.in | 34 +++++++++++++++++++++++++++++++---
> >  1 file changed, 31 insertions(+), 3 deletions(-)
>
> Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

Welp, pushing this broke CI :/

Working on a fix...

-- 
Andrea Bolognani / Red Hat / Virtualization

On Wed, Feb 02, 2022 at 02:51:55AM -0800, Andrea Bolognani wrote:
> On Wed, Feb 02, 2022 at 09:46:47AM +0100, Michal Prívozník wrote:
> > On 2/1/22 18:50, Andrea Bolognani wrote:
> > > Andrea Bolognani (3):
> > >   rpm: Move /etc/libvirt from -daemon to -libs
> > >   rpm: Move /var/lib/libvirt from -libs to -daemon
> > >   rpm: List more directories
> > >
> > >  libvirt.spec.in | 34 +++++++++++++++++++++++++++++++---
> > >  1 file changed, 31 insertions(+), 3 deletions(-)
> >
> > Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
>
> Welp, pushing this broke CI :/
>
> Working on a fix...

Fix here: https://listman.redhat.com/archives/libvir-list/2022-February/msg00076.html

-- 
Andrea Bolognani / Red Hat / Virtualization