improve UX when running as root and we can't chown v2v tmpdir or socks

resolves: rhbz#2182024 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
2023-06-30 11:13:23 +02:00 · 2023-06-30 11:13:23 +02:00 · 9f79ec032d
commit 9f79ec032d
parent a7a1117b6b
4 changed files with 213 additions and 1 deletions
--- a/0018-lib-utils-fix-typo.patch
+++ b/0018-lib-utils-fix-typo.patch
@ -0,0 +1,30 @@
 From 7a370cc7fcf4ba664eef73d4bac03dfc4d7041b3 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Thu, 29 Jun 2023 14:34:41 +0200
 Subject: [PATCH] lib/utils: fix typo
 Fix a small comment typo from commit 4e7f20684373 ("lib: Improve security
 of in/out sockets when running virt-v2v as root", 2022-03-23).
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2182024
 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 Message-Id: <20230629123443.188350-2-lersek@redhat.com>
 Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
 (cherry picked from commit dab9629c01915efc3678885e8bb0ccc5da1802a3)
 ---
 lib/utils.mli | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/utils.mli b/lib/utils.mli
 index 5687bf75..cf88a467 100644
 --- a/lib/utils.mli
 +++ b/lib/utils.mli
@@ -62,7 +62,7 @@ val backend_is_libvirt : unit -> bool
 (** Return true iff the current backend is libvirt. *)
 val chown_for_libvirt_rhbz_1045069 : string -> unit
 -(** If running and root, and if the backend is libvirt, libvirt
 +(** If running as root, and if the backend is libvirt, libvirt
     will run qemu as a non-root user.  This prevents access
     to root-owned files and directories.  To fix this, provide
     a function to chown things we might need to qemu:root so
--- a/0019-lib-utils-make-chown_for_libvirt_rhbz_1045069-fail-h.patch
+++ b/0019-lib-utils-make-chown_for_libvirt_rhbz_1045069-fail-h.patch
@ -0,0 +1,96 @@
 From 522a927257cfa55ac87775165be23779e00076bb Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Thu, 29 Jun 2023 14:34:42 +0200
 Subject: [PATCH] lib/utils: make "chown_for_libvirt_rhbz_1045069" fail hard
 Currently "chown_for_libvirt_rhbz_1045069" is best effort; if it fails, we
 suppress the exception (we log it in verbose mode only, even).
 That's not proved helpful: it almost certainly leads to later errors, but
 those errors are less clear than the original (suppressed) exception.
 Namely, the user sees something like
 > Failed to connect to '/tmp/v2v.sKlulY/in0': Permission denied
 rather than
 > Failed to connect socket to '/var/run/libvirt/virtqemud-sock-ro':
 > Connection refused
 So just allow the exception to propagate outwards.
 And then, now that "chown_for_libvirt_rhbz_1045069" will be able to fail,
 hoist the call to "On_exit.rm_rf" before the call to
 "chown_for_libvirt_rhbz_1045069", after creating the v2v temporary
 directory. In the current order, if "chown_for_libvirt_rhbz_1045069" threw
 an exception, then we'd leak the temp dir in the filesystem.
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2182024
 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 Message-Id: <20230629123443.188350-3-lersek@redhat.com>
 [lersek@redhat.com: reinstate parens under "then" [Rich]]
 Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
 (cherry picked from commit 8bcf383510a3d9deaa9b4c069a45c1604c9d5f53)
 ---
 lib/utils.ml  | 23 +++++++++--------------
 lib/utils.mli |  5 +----
 2 files changed, 10 insertions(+), 18 deletions(-)
 diff --git a/lib/utils.ml b/lib/utils.ml
 index 54431307..7b3aa2e2 100644
 --- a/lib/utils.ml
 +++ b/lib/utils.ml
@@ -151,19 +151,14 @@ let backend_is_libvirt () =
 let rec chown_for_libvirt_rhbz_1045069 file =
   let running_as_root = Unix.geteuid () = 0 in
   if running_as_root && backend_is_libvirt () then (
 -    try
 -      let user = Option.value ~default:"qemu" (libvirt_qemu_user ()) in
 -      let uid =
 -        if String.is_prefix user "+" then
 -          int_of_string (String.sub user 1 (String.length user - 1))
 -        else
 -          (Unix.getpwnam user).pw_uid in
 -      debug "setting owner of %s to %d:root" file uid;
 -      Unix.chown file uid 0
 -    with
 -    | exn -> (* Print exception, but continue. *)
 -       debug "could not set owner of %s: %s"
 -         file (Printexc.to_string exn)
 +    let user = Option.value ~default:"qemu" (libvirt_qemu_user ()) in
 +    let uid =
 +      if String.is_prefix user "+" then
 +        int_of_string (String.sub user 1 (String.length user - 1))
 +      else
 +        (Unix.getpwnam user).pw_uid in
 +    debug "setting owner of %s to %d:root" file uid;
 +    Unix.chown file uid 0
   )
 (* Get the local user that libvirt uses to run qemu when we are
@@ -206,8 +201,8 @@ let error_if_no_ssh_agent () =
 (* Create the directory containing inX and outX sockets. *)
 let create_v2v_directory () =
   let d = Mkdtemp.temp_dir "v2v." in
 -  chown_for_libvirt_rhbz_1045069 d;
   On_exit.rm_rf d;
 +  chown_for_libvirt_rhbz_1045069 d;
   d
 (* Wait for a file to appear until a timeout. *)
 diff --git a/lib/utils.mli b/lib/utils.mli
 index cf88a467..391a2a35 100644
 --- a/lib/utils.mli
 +++ b/lib/utils.mli
@@ -67,10 +67,7 @@ val chown_for_libvirt_rhbz_1045069 : string -> unit
     to root-owned files and directories.  To fix this, provide
     a function to chown things we might need to qemu:root so
     qemu can access them.  Note that root normally ignores
 -    permissions so can still access the resource.
 -
 -    This is best-effort.  If something fails then we carry
 -    on and hope for the best. *)
 +    permissions so can still access the resource. *)
 val error_if_no_ssh_agent : unit -> unit
--- a/0020-docs-virt-v2v-document-libvirt-system-instance-start.patch
+++ b/0020-docs-virt-v2v-document-libvirt-system-instance-start.patch
@ -0,0 +1,79 @@
 From f2e233b9e073327b1881ef17695380bc02a51f68 Mon Sep 17 00:00:00 2001
 From: Laszlo Ersek <lersek@redhat.com>
 Date: Thu, 29 Jun 2023 14:34:43 +0200
 Subject: [PATCH] docs/virt-v2v: document libvirt system instance startup
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 It has frequently tripped us up that on RHEL / Fedora, installing the
 right set of libvirt RPMs (such as the one pulled in by
 "libvirt-daemon-kvm") does not result in an immediately running libvirt
 system instance.  Document the need, and the simplest method, for starting
 libvirt up manually.
 Thanks: Daniel Berrangé
 Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2182024
 Signed-off-by: Laszlo Ersek <lersek@redhat.com>
 Message-Id: <20230629123443.188350-4-lersek@redhat.com>
 Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
 (cherry picked from commit dcfea1b9b5d0f237f49c9eb870af93527093b40b)
 ---
 docs/virt-v2v.pod | 23 ++++++++++++++++++++++-
 1 file changed, 22 insertions(+), 1 deletion(-)
 diff --git a/docs/virt-v2v.pod b/docs/virt-v2v.pod
 index 0394b421..058eb800 100644
 --- a/docs/virt-v2v.pod
 +++ b/docs/virt-v2v.pod
@@ -237,6 +237,8 @@ In this mode you have to specify a libvirt guest name or UUID on the
 command line.  You may also specify a libvirt connection URI (see
 I<-ic>).
 +See L</Starting the libvirt system instance> below.
 +
 =item B<-i> B<libvirtxml>
 Set the input method to I<libvirtxml>.
@@ -440,7 +442,8 @@ Set the output method to I<libvirt>.  This is the default.
 In this mode, the converted guest is created as a libvirt guest.  You
 may also specify a libvirt connection URI (see I<-oc>).
 -See L<virt-v2v-output-local(1)>.
 +See L</Starting the libvirt system instance> below, and
 +L<virt-v2v-output-local(1)>.
 =item B<-o> B<local>
@@ -1335,6 +1338,8 @@ see L<http://libvirt.org/auth.html>.  Alternatively, use
 I<-oc qemu:///session>, which will write to your per-user libvirt
 instance.
 +See also L</Starting the libvirt system instance>.
 +
 =item Writing to Openstack
 Because of how Cinder volumes are presented as F</dev> block devices,
@@ -1476,6 +1481,22 @@ option at all.  The option was added when virt-v2v was rewritten in 2014.
 It is possible to specify a format string for controlling the output;
 see L<guestfs(3)/ADVANCED MACHINE READABLE OUTPUT>.
 +=head2 Starting the libvirt system instance
 +
 + Failed to connect socket to '/var/run/libvirt/virtqemud-sock': No such file or directory
 + Failed to connect socket to '/var/run/libvirt/virtqemud-sock-ro': Connection refused
 +
 +If you have just installed libvirt and virt-v2v, then you may see the
 +errors above.  This is caused by libvirt daemons that provide various
 +services not running straight after installation.  (This may depend on
 +your distribution and vendor presets).
 +
 +To fix this on systemd-based distributions, do:
 +
 + systemctl isolate multi-user.target
 +
 +See also L<https://bugzilla.redhat.com/2182024>.
 +
 =head1 FILES
 =over 4
--- a/virt-v2v.spec
+++ b/virt-v2v.spec
@ -16,7 +16,7 @@
 Name:          virt-v2v
 Epoch:         1
 Version:       2.3.4
-Release:       3%{?dist}
+Release:       4%{?dist}
 Summary:       Convert a virtual machine to run on KVM
 License:       GPLv2+
@ -53,6 +53,9 @@ Patch0014:     0014-update-common-submodule.patch
 Patch0015:     0015-LUKS-on-LVM-conversion-test-rename-VGs-and-LVs.patch
 Patch0016:     0016-LUKS-on-LVM-conversion-test-test-dev-mapper-VG-LV-tr.patch
 Patch0017:     0017-test-data-phony-guests-fix-prerequisite-list-of-fedo.patch
 Patch0018:     0018-lib-utils-fix-typo.patch
 Patch0019:     0019-lib-utils-make-chown_for_libvirt_rhbz_1045069-fail-h.patch
 Patch0020:     0020-docs-virt-v2v-document-libvirt-system-instance-start.patch
 %if !0%{?rhel}
 # libguestfs hasn't been built on i686 for a while since there is no
@ -353,6 +356,10 @@ make -C tests TESTS=test-v2v-fedora-luks-on-lvm-conversion.sh check
 %changelog
 * Fri Jun 30 2023 Laszlo Ersek <lersek@redhat.com> - 1:2.3.4-4
 - improve UX when running as root and we can't chown v2v tmpdir or socks
  resolves: rhbz#2182024
 * Tue Jun 20 2023 Laszlo Ersek <lersek@redhat.com> - 1:2.3.4-3
 - recognize "--key /dev/mapper/VG-LV:key:password"
 - enable the %%check tests for real