[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH] Fix error launching libguestfs when euid != uid

On 20/09/10 14:54, Matthew Booth wrote:
On 20/09/10 14:43, Richard W.M. Jones wrote:
Improved patch. This copies your code to set real UID and GID
before the exec.


-- Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones virt-top is 'top' for virtual machines.
Tiny program with many powerful monitoring features, net stats, disk
stats, logging, etc. http://et.redhat.com/~rjones/virt-top


From d00e2fb8c2e26e0a48954472b52bd0be877e9ce6 Mon Sep 17 00:00:00 2001
From: Richard W.M. Jones<rjones redhat com>
Date: Mon, 20 Sep 2010 14:02:06 +0100
Subject: [PATCH] Fix error launching libguestfs when euid != uid.

When writing to a RHEV target, virt-v2v launches the libguestfs
appliance with euid:egid = 36:36, which is required to write to
an NFS target using root_squash.

Since we changed to using a cached appliance, this causes an error on
start up, as the cached files are owned by root, but the cache directory
is owned by 36:36. The reason is that bash resets euid to uid and
egid to gid so when febootstrap-supermin-helper is executed, it runs as
root:root. The cache directory was created by libguestfs directly so
it has the correct ownership.

This patch fixes the issue by using explicit fork/exec instead of
system (ie. not going via a shell) and by setting the real UID and
GID to the effective UID and GID before execing.
src/appliance.c | 133
1 files changed, 108 insertions(+), 25 deletions(-)

ACK. This now works for me.

It turns out I spoke too soon on this. The wrapping round the call to febootstrap-supermin-helper to generate the checksum *is* required. Without it, febootstrap-supermin-helper has the wrong euid, and therefore generates the wrong checksum. For virt-v2v, this means that the following sequence fails:

* Run virt-v2v as root, outputting to RHEV
    This calls guestfs_launch() with euid == 36
    checksum is generated for *root*, because of missing wrapping
    /tmp/<root's checksum> is created owned by 36:36
* Run virt-v2v as root, outputting locally
    This calls guestfs_launch() with euid == 0
    checksum is correctly generated for root, same as above
    validation fails, because cache dir is owned by 36:36

I'll post a rebased patch.

Matthew Booth, RHCA, RHCSS
Red Hat Engineering, Virtualisation Team

GPG ID:  D33C3490
GPG FPR: 3733 612D 2D05 5458 8A8A 1600 3441 EA19 D33C 3490

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]