improve UX when running as root and we can't chown v2v tmpdir or socks

resolves: rhbz#2182024
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
This commit is contained in:
Laszlo Ersek 2023-06-30 11:13:23 +02:00
parent a7a1117b6b
commit 9f79ec032d
4 changed files with 213 additions and 1 deletions

View File

@ -0,0 +1,30 @@
From 7a370cc7fcf4ba664eef73d4bac03dfc4d7041b3 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 29 Jun 2023 14:34:41 +0200
Subject: [PATCH] lib/utils: fix typo
Fix a small comment typo from commit 4e7f20684373 ("lib: Improve security
of in/out sockets when running virt-v2v as root", 2022-03-23).
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2182024
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230629123443.188350-2-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit dab9629c01915efc3678885e8bb0ccc5da1802a3)
---
lib/utils.mli | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/utils.mli b/lib/utils.mli
index 5687bf75..cf88a467 100644
--- a/lib/utils.mli
+++ b/lib/utils.mli
@@ -62,7 +62,7 @@ val backend_is_libvirt : unit -> bool
(** Return true iff the current backend is libvirt. *)
val chown_for_libvirt_rhbz_1045069 : string -> unit
-(** If running and root, and if the backend is libvirt, libvirt
+(** If running as root, and if the backend is libvirt, libvirt
will run qemu as a non-root user. This prevents access
to root-owned files and directories. To fix this, provide
a function to chown things we might need to qemu:root so

View File

@ -0,0 +1,96 @@
From 522a927257cfa55ac87775165be23779e00076bb Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 29 Jun 2023 14:34:42 +0200
Subject: [PATCH] lib/utils: make "chown_for_libvirt_rhbz_1045069" fail hard
Currently "chown_for_libvirt_rhbz_1045069" is best effort; if it fails, we
suppress the exception (we log it in verbose mode only, even).
That's not proved helpful: it almost certainly leads to later errors, but
those errors are less clear than the original (suppressed) exception.
Namely, the user sees something like
> Failed to connect to '/tmp/v2v.sKlulY/in0': Permission denied
rather than
> Failed to connect socket to '/var/run/libvirt/virtqemud-sock-ro':
> Connection refused
So just allow the exception to propagate outwards.
And then, now that "chown_for_libvirt_rhbz_1045069" will be able to fail,
hoist the call to "On_exit.rm_rf" before the call to
"chown_for_libvirt_rhbz_1045069", after creating the v2v temporary
directory. In the current order, if "chown_for_libvirt_rhbz_1045069" threw
an exception, then we'd leak the temp dir in the filesystem.
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2182024
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230629123443.188350-3-lersek@redhat.com>
[lersek@redhat.com: reinstate parens under "then" [Rich]]
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit 8bcf383510a3d9deaa9b4c069a45c1604c9d5f53)
---
lib/utils.ml | 23 +++++++++--------------
lib/utils.mli | 5 +----
2 files changed, 10 insertions(+), 18 deletions(-)
diff --git a/lib/utils.ml b/lib/utils.ml
index 54431307..7b3aa2e2 100644
--- a/lib/utils.ml
+++ b/lib/utils.ml
@@ -151,19 +151,14 @@ let backend_is_libvirt () =
let rec chown_for_libvirt_rhbz_1045069 file =
let running_as_root = Unix.geteuid () = 0 in
if running_as_root && backend_is_libvirt () then (
- try
- let user = Option.value ~default:"qemu" (libvirt_qemu_user ()) in
- let uid =
- if String.is_prefix user "+" then
- int_of_string (String.sub user 1 (String.length user - 1))
- else
- (Unix.getpwnam user).pw_uid in
- debug "setting owner of %s to %d:root" file uid;
- Unix.chown file uid 0
- with
- | exn -> (* Print exception, but continue. *)
- debug "could not set owner of %s: %s"
- file (Printexc.to_string exn)
+ let user = Option.value ~default:"qemu" (libvirt_qemu_user ()) in
+ let uid =
+ if String.is_prefix user "+" then
+ int_of_string (String.sub user 1 (String.length user - 1))
+ else
+ (Unix.getpwnam user).pw_uid in
+ debug "setting owner of %s to %d:root" file uid;
+ Unix.chown file uid 0
)
(* Get the local user that libvirt uses to run qemu when we are
@@ -206,8 +201,8 @@ let error_if_no_ssh_agent () =
(* Create the directory containing inX and outX sockets. *)
let create_v2v_directory () =
let d = Mkdtemp.temp_dir "v2v." in
- chown_for_libvirt_rhbz_1045069 d;
On_exit.rm_rf d;
+ chown_for_libvirt_rhbz_1045069 d;
d
(* Wait for a file to appear until a timeout. *)
diff --git a/lib/utils.mli b/lib/utils.mli
index cf88a467..391a2a35 100644
--- a/lib/utils.mli
+++ b/lib/utils.mli
@@ -67,10 +67,7 @@ val chown_for_libvirt_rhbz_1045069 : string -> unit
to root-owned files and directories. To fix this, provide
a function to chown things we might need to qemu:root so
qemu can access them. Note that root normally ignores
- permissions so can still access the resource.
-
- This is best-effort. If something fails then we carry
- on and hope for the best. *)
+ permissions so can still access the resource. *)
val error_if_no_ssh_agent : unit -> unit

View File

@ -0,0 +1,79 @@
From f2e233b9e073327b1881ef17695380bc02a51f68 Mon Sep 17 00:00:00 2001
From: Laszlo Ersek <lersek@redhat.com>
Date: Thu, 29 Jun 2023 14:34:43 +0200
Subject: [PATCH] docs/virt-v2v: document libvirt system instance startup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It has frequently tripped us up that on RHEL / Fedora, installing the
right set of libvirt RPMs (such as the one pulled in by
"libvirt-daemon-kvm") does not result in an immediately running libvirt
system instance. Document the need, and the simplest method, for starting
libvirt up manually.
Thanks: Daniel Berrangé
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2182024
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20230629123443.188350-4-lersek@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
(cherry picked from commit dcfea1b9b5d0f237f49c9eb870af93527093b40b)
---
docs/virt-v2v.pod | 23 ++++++++++++++++++++++-
1 file changed, 22 insertions(+), 1 deletion(-)
diff --git a/docs/virt-v2v.pod b/docs/virt-v2v.pod
index 0394b421..058eb800 100644
--- a/docs/virt-v2v.pod
+++ b/docs/virt-v2v.pod
@@ -237,6 +237,8 @@ In this mode you have to specify a libvirt guest name or UUID on the
command line. You may also specify a libvirt connection URI (see
I<-ic>).
+See L</Starting the libvirt system instance> below.
+
=item B<-i> B<libvirtxml>
Set the input method to I<libvirtxml>.
@@ -440,7 +442,8 @@ Set the output method to I<libvirt>. This is the default.
In this mode, the converted guest is created as a libvirt guest. You
may also specify a libvirt connection URI (see I<-oc>).
-See L<virt-v2v-output-local(1)>.
+See L</Starting the libvirt system instance> below, and
+L<virt-v2v-output-local(1)>.
=item B<-o> B<local>
@@ -1335,6 +1338,8 @@ see L<http://libvirt.org/auth.html>. Alternatively, use
I<-oc qemu:///session>, which will write to your per-user libvirt
instance.
+See also L</Starting the libvirt system instance>.
+
=item Writing to Openstack
Because of how Cinder volumes are presented as F</dev> block devices,
@@ -1476,6 +1481,22 @@ option at all. The option was added when virt-v2v was rewritten in 2014.
It is possible to specify a format string for controlling the output;
see L<guestfs(3)/ADVANCED MACHINE READABLE OUTPUT>.
+=head2 Starting the libvirt system instance
+
+ Failed to connect socket to '/var/run/libvirt/virtqemud-sock': No such file or directory
+ Failed to connect socket to '/var/run/libvirt/virtqemud-sock-ro': Connection refused
+
+If you have just installed libvirt and virt-v2v, then you may see the
+errors above. This is caused by libvirt daemons that provide various
+services not running straight after installation. (This may depend on
+your distribution and vendor presets).
+
+To fix this on systemd-based distributions, do:
+
+ systemctl isolate multi-user.target
+
+See also L<https://bugzilla.redhat.com/2182024>.
+
=head1 FILES
=over 4

View File

@ -16,7 +16,7 @@
Name: virt-v2v Name: virt-v2v
Epoch: 1 Epoch: 1
Version: 2.3.4 Version: 2.3.4
Release: 3%{?dist} Release: 4%{?dist}
Summary: Convert a virtual machine to run on KVM Summary: Convert a virtual machine to run on KVM
License: GPLv2+ License: GPLv2+
@ -53,6 +53,9 @@ Patch0014: 0014-update-common-submodule.patch
Patch0015: 0015-LUKS-on-LVM-conversion-test-rename-VGs-and-LVs.patch Patch0015: 0015-LUKS-on-LVM-conversion-test-rename-VGs-and-LVs.patch
Patch0016: 0016-LUKS-on-LVM-conversion-test-test-dev-mapper-VG-LV-tr.patch Patch0016: 0016-LUKS-on-LVM-conversion-test-test-dev-mapper-VG-LV-tr.patch
Patch0017: 0017-test-data-phony-guests-fix-prerequisite-list-of-fedo.patch Patch0017: 0017-test-data-phony-guests-fix-prerequisite-list-of-fedo.patch
Patch0018: 0018-lib-utils-fix-typo.patch
Patch0019: 0019-lib-utils-make-chown_for_libvirt_rhbz_1045069-fail-h.patch
Patch0020: 0020-docs-virt-v2v-document-libvirt-system-instance-start.patch
%if !0%{?rhel} %if !0%{?rhel}
# libguestfs hasn't been built on i686 for a while since there is no # libguestfs hasn't been built on i686 for a while since there is no
@ -353,6 +356,10 @@ make -C tests TESTS=test-v2v-fedora-luks-on-lvm-conversion.sh check
%changelog %changelog
* Fri Jun 30 2023 Laszlo Ersek <lersek@redhat.com> - 1:2.3.4-4
- improve UX when running as root and we can't chown v2v tmpdir or socks
resolves: rhbz#2182024
* Tue Jun 20 2023 Laszlo Ersek <lersek@redhat.com> - 1:2.3.4-3 * Tue Jun 20 2023 Laszlo Ersek <lersek@redhat.com> - 1:2.3.4-3
- recognize "--key /dev/mapper/VG-LV:key:password" - recognize "--key /dev/mapper/VG-LV:key:password"
- enable the %%check tests for real - enable the %%check tests for real