rpms/python-virtinst/devel virtinst-0.500.0-change-path-perms.patch, NONE, 1.1 virtinst-0.500.0-no-iso-driver.patch, NONE, 1.1 virtinst-0.500.0-nonroot-qemu-net.patch, NONE, 1.1 python-virtinst.spec, 1.72, 1.73

Cole Robinson crobinso at fedoraproject.org
Thu Sep 24 13:55:17 UTC 2009


Author: crobinso

Update of /cvs/pkgs/rpms/python-virtinst/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv12769

Modified Files:
	python-virtinst.spec 
Added Files:
	virtinst-0.500.0-change-path-perms.patch 
	virtinst-0.500.0-no-iso-driver.patch 
	virtinst-0.500.0-nonroot-qemu-net.patch 
Log Message:
Don't use usermode net for non-root qemu:///system via virt-install
Fix cdrom installs where the iso is a storage volume (bz 524109)
Fix path permissions for kernel/initrd download location (bz 523960)


virtinst-0.500.0-change-path-perms.patch:
 Installer.py   |   20 +++++++---
 VirtualDisk.py |  108 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 2 files changed, 120 insertions(+), 8 deletions(-)

--- NEW FILE virtinst-0.500.0-change-path-perms.patch ---
# HG changeset patch
# User Cole Robinson <crobinso at redhat.com>
# Date 1253738317 14400
# Node ID 53cd275974ab35a790b4c4bf1424d0950d5b095e
# Parent  aff98f0152935ad7cd57e86c4172a6683e6306c5
VirtualDisk: Add methods for checking/changing path perms for username.

Since libvirtd can now run qemu processes as non-root, the tools need to
try to check directory permissions and make sure they are at least searchable
by a specific username. This simply implements the functions to make that
happen.

diff -r aff98f015293 -r 53cd275974ab virtinst/VirtualDisk.py
--- a/virtinst/VirtualDisk.py	Mon Sep 21 15:52:04 2009 -0400
+++ b/virtinst/VirtualDisk.py	Wed Sep 23 16:38:37 2009 -0400
@@ -19,9 +19,11 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 # MA 02110-1301 USA.
 
-import os, statvfs
+import os, stat, pwd, statvfs
 import subprocess
 import logging
+import re
+
 import urlgrabber.progress as progress
 import libvirt
 
@@ -69,6 +71,46 @@
 
     return fmt
 
+def _name_uid(user):
+    """
+    Return UID for string username
+    """
+    pwdinfo = pwd.getpwnam(user)
+    return pwdinfo[2]
+
+def _is_dir_searchable(uid, username, path):
+    """
+    Check if passed directory is searchable by uid
+    """
+    try:
+        statinfo = os.stat(path)
+    except OSError:
+        return False
+
+    if uid == statinfo.st_uid:
+        flag = stat.S_IXUSR
+    elif uid == statinfo.st_gid:
+        flag = stat.S_IXGRP
+    else:
+        flag = stat.S_IXOTH
+
+    if bool(statinfo.st_mode & flag):
+        return True
+
+    # Check POSIX ACL (since that is what we use to 'fix' access)
+    cmd = ["getfacl", path]
+    proc = subprocess.Popen(cmd,
+                            stdout=subprocess.PIPE,
+                            stderr=subprocess.PIPE)
+    out, err = proc.communicate()
+
+    if proc.returncode != 0:
+        logging.debug("Cmd '%s' failed: %s" % (cmd, err))
+        return False
+
+    return bool(re.search("user:%s:..x" % username, out))
+
+
 class VirtualDisk(VirtualDevice):
     """
     Builds a libvirt domain disk xml description
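Review bot: In `_is_dir_searchable`, `elif uid == statinfo.st_gid` compares a user id with the directory's group id, so the group-execute bit is only chosen when the two numbers happen to coincide and the account's real group membership is never consulted; the test should use the primary gid from `pwd.getpwnam(username)` (and ideally its supplementary groups). The ACL fallback interpolates `username` into the pattern unescaped and unanchored, so it can also match a `default:user:NAME:..x` line, which grants nothing on the directory itself; `re.search(r"^user:%s:..x" % re.escape(username), out, re.MULTILINE)` restricts it to access entries. `_name_uid` also lets the `KeyError` from `pwd.getpwnam` escape when the account does not exist, and its docstring should say so, since the callers added in this patch do not catch it.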
@@ -156,6 +198,63 @@
 
         return False
 
+    @staticmethod
+    def check_path_search_for_user(conn, path, username):
+        """
+        Check if the passed user has search permissions for all the
+        directories in the disk path.
+
+        @return: List of the directories the user cannot search, or empty list
+        @rtype : C{list}
+        """
+        if _util.is_uri_remote(conn.getURI()):
+            return []
+
+        uid = _name_uid(username)
+        fixlist = []
+
+        dirname, base = os.path.split(path)
+        while base:
+            if not _is_dir_searchable(uid, username, dirname):
+                fixlist.append(dirname)
+
+            dirname, base = os.path.split(dirname)
+
+        return fixlist
+
+    @staticmethod
+    def fix_path_search_for_user(conn, path, username):
+        """
+        Try to fix any permission problems found by check_path_search_for_user
+
+        @return: Return a dictionary of entries { broken path : error msg }
+        @rtype : C{dict}
+        """
+        fixlist = VirtualDisk.check_path_search_for_user(conn, path, username)
+        if not fixlist:
+            return []
+
+        fixlist.reverse()
+        errdict = {}
+
+        for dirname in fixlist:
+            try:
+                cmd = ["setfacl", "--modify", "user:%s:x" % username, dirname]
+                proc = subprocess.Popen(cmd,
+                                        stdout=subprocess.PIPE,
+                                        stderr=subprocess.PIPE)
+                out, err = proc.communicate()
+
+                logging.debug("Cmd '%s' output: \nout=%s, \nerr=%s" %
+                              (cmd, out, err))
+                if proc.returncode != 0:
+                    raise ValueError(err)
+            except Exception, e:
+                errdict[dirname] =  str(e)
+
+        return errdict
+
+
     def __init__(self, path=None, size=None, transient=False, type=None,
                  device=DEVICE_DISK, driverName=None, driverType=None,
                  readOnly=False, sparse=True, conn=None, volObject=None,
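Review bot: `fix_path_search_for_user` returns `[]` on the nothing-to-fix path although its docstring and its other return promise a dict, so callers get two different types; `return {}` keeps the contract. `check_path_search_for_user` walks `path` as given, so a relative path ends with `dirname == ""`, which `os.stat` rejects and which is then passed to `setfacl`; normalising first with `path = os.path.abspath(path)` avoids that. Because the walk covers every ancestor up to `/`, the docstring should state that the fix adds a persistent `user:NAME:x` ACL entry to each listed directory, not only to the leaf. The `__init__` signature that follows continues outside the hunk.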
# HG changeset patch
# User Cole Robinson <crobinso at redhat.com>
# Date 1253741935 14400
# Node ID a523260ac56eb90e1eda067c2bbd5fc726bb0165
# Parent  53cd275974ab35a790b4c4bf1424d0950d5b095e
VirtualDisk: Teach perms changing functions about a target directory.

diff -r 53cd275974ab -r a523260ac56e virtinst/VirtualDisk.py
--- a/virtinst/VirtualDisk.py	Wed Sep 23 16:38:37 2009 -0400
+++ b/virtinst/VirtualDisk.py	Wed Sep 23 17:38:55 2009 -0400
@@ -213,7 +213,12 @@
         uid = _name_uid(username)
         fixlist = []
 
-        dirname, base = os.path.split(path)
+        if os.path.isdir(path):
+            dirname = path
+            base = "-"
+        else:
+            dirname, base = os.path.split(path)
+
         while base:
             if not _is_dir_searchable(uid, username, dirname):
                 fixlist.append(dirname)
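Review bot: The `base = "-"` assignment in the `os.path.isdir(path)` branch is a dummy value whose only purpose is to make the `while base:` loop run once for `path` itself, and nothing in the hunk says so; a comment such as `# placeholder so the loop below also checks 'path' itself` would make the intent clear. `os.path.isdir` follows symlinks while the walk climbs the textual parents of `path`, so for a symlinked directory the ancestors of the link target are presumably never examined; that limitation is worth a line in the docstring. The enclosing method starts and ends outside the hunk.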
diff -r 53cd275974ab virtinst/Installer.py
--- a/virtinst/Installer.py	Wed Sep 23 16:38:37 2009 -0400
+++ b/virtinst/Installer.py	Wed Sep 23 17:32:14 2009 -0400
@@ -141,12 +141,20 @@
                 return XEN_SCRATCH
             if os.path.exists(LIBVIRT_SCRATCH):
                 return LIBVIRT_SCRATCH
-        else:
-            scratch = os.path.expanduser("~/.virtinst/boot")
-            if not os.path.exists(scratch):
-                os.makedirs(scratch, 0750)
-            _util.selinux_restorecon(scratch)
-            return scratch
+
+        scratch = os.path.expanduser("~/.virtinst/boot")
+        if not os.path.exists(scratch):
+            os.makedirs(scratch, 0751)
+
+        if (self.conn and
+            not _util.is_uri_remote(self.conn.getURI()) and
+            _util.is_qemu_system(self.conn.getURI())):
+            # If we are using local qemu:///system, try to make sure the
+            # download location is searchable by the 'qemu' user
+            VirtualDisk.fix_path_search_for_user(self.conn, scratch, "qemu")
+
+        _util.selinux_restorecon(scratch)
+        return scratch
     scratchdir = property(get_scratchdir)
 
     def get_cdrom(self):
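Review bot: The dictionary returned by `VirtualDisk.fix_path_search_for_user(self.conn, scratch, "qemu")` is discarded, so a failed `setfacl` leaves the scratch directory unreachable for the qemu user with nothing reported at this call site; keep the result (`errs = VirtualDisk.fix_path_search_for_user(...)`) and log it when non-empty. The call sits in a property getter and, as written in the VirtualDisk patch, adds ACL entries on every unsearchable ancestor of `~/.virtinst/boot`, the home directory included, so the existing comment should mention that side effect. The mode change from `0750` to `0751` also makes newly created directories searchable by all users, which looks broader than the qemu-specific ACL requires and is worth confirming as intended. `get_scratchdir` begins outside the hunk.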

virtinst-0.500.0-no-iso-driver.patch:
 b/tests/xmlconfig-xml/misc-qemu-iso-disk.xml |   36 ++++++++++++++++++++++++
 tests/testdriver.xml                         |   16 ++++++++++
 tests/xmlconfig.py                           |    6 ++++
 virtinst/VirtualDisk.py                      |   40 ++++++++++++++++-----------
 4 files changed, 82 insertions(+), 16 deletions(-)

--- NEW FILE virtinst-0.500.0-no-iso-driver.patch ---
# HG changeset patch
# User Cole Robinson <crobinso at redhat.com>
# Date 1253562724 14400
# Node ID aff98f0152935ad7cd57e86c4172a6683e6306c5
# Parent  143b09da8bccc3b6b2069c29073ea5a6ef9ce69b
VirtualDisk: Don't use 'iso' as a qemu driver name (bz 524109)

diff -r 143b09da8bcc -r aff98f015293 tests/testdriver.xml
--- a/tests/testdriver.xml	Mon Sep 21 15:47:33 2009 -0400
+++ b/tests/testdriver.xml	Mon Sep 21 15:52:04 2009 -0400
@@ -67,6 +67,22 @@
     </target>
   </volume>
   <volume>
+    <name>iso-vol</name>
+    <capacity>1000000</capacity>
+    <allocation>50000</allocation>
+    <target>
+      <format type='iso'/>
+    </target>
+  </volume>
+  <volume>
+    <name>bochs-vol</name>
+    <capacity>1000000</capacity>
+    <allocation>50000</allocation>
+    <target>
+      <format type='bochs'/>
+    </target>
+  </volume>
+  <volume>
     <name>testvol1.img</name>
     <capacity>1000000</capacity>
     <allocation>50000</allocation>
diff -r 143b09da8bcc -r aff98f015293 tests/xmlconfig-xml/misc-qemu-iso-disk.xml
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/tests/xmlconfig-xml/misc-qemu-iso-disk.xml	Mon Sep 21 15:52:04 2009 -0400
@@ -0,0 +1,36 @@
+<domain type='xen'>
+  <name>TestGuest</name>
+  <currentMemory>204800</currentMemory>
+  <memory>409600</memory>
+  <uuid>12345678-1234-1234-1234-123456789012</uuid>
+  <os>
+    <type arch='i686'>hvm</type>
+    <loader>/usr/lib/xen/boot/hvmloader</loader>
+    <boot dev='cdrom'/>
+  </os>
+  <features>
+    <acpi/><apic/>
+  </features>
+  <clock offset="utc"/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>destroy</on_reboot>
+  <on_crash>destroy</on_crash>
+  <vcpu>5</vcpu>
+  <devices>
+    <emulator>/usr/lib/xen/bin/qemu-dm</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='raw'/>
+      <source file='/default-pool/iso-vol'/>
+      <target dev='hda' bus='ide'/>
+    </disk>
+    <disk type='block' device='cdrom'>
+      <driver name='qemu'/>
+      <source dev='/dev/loop0'/>
+      <target dev='hdc' bus='ide'/>
+      <readonly/>
+    </disk>
+    <input type='mouse' bus='ps2'/>
+    <graphics type='sdl' display=':3.4' xauth='/testdir/.Xauthority'/>
+    <console type='pty'/>
+  </devices>
+</domain>
diff -r 143b09da8bcc -r aff98f015293 tests/xmlconfig.py
--- a/tests/xmlconfig.py	Mon Sep 21 15:47:33 2009 -0400
+++ b/tests/xmlconfig.py	Mon Sep 21 15:52:04 2009 -0400
@@ -302,9 +302,15 @@
             g.disks.append(get_blkdisk())
             self._compare(g, "misc-qemu-driver-name", True)
 
+            VirtualDisk._get_uri = new_get_uri
             g = get_basic_fullyvirt_guest()
             g.disks.append(get_filedisk())
             self._compare(g, "misc-qemu-driver-type", True)
+
+            VirtualDisk._get_uri = new_get_uri
+            g = get_basic_fullyvirt_guest()
+            g.disks.append(get_filedisk("/default-pool/iso-vol"))
+            self._compare(g, "misc-qemu-iso-disk", True)
         finally:
             VirtualDisk._get_uri = oldgetdriver
 
diff -r 143b09da8bcc -r aff98f015293 virtinst/VirtualDisk.py
--- a/virtinst/VirtualDisk.py	Mon Sep 21 15:47:33 2009 -0400
+++ b/virtinst/VirtualDisk.py	Mon Sep 21 15:52:04 2009 -0400
@@ -55,6 +55,20 @@
     except OSError:
         return False
 
+def _qemu_sanitize_drvtype(phystype, fmt):
+    """
+    Sanitize libvirt storage volume format to a valid qemu driver type
+    """
+    raw_list = [ "iso" ]
+
+    if phystype == VirtualDisk.TYPE_BLOCK:
+        return VirtualDisk.DRIVER_QEMU_RAW
+
+    if fmt in raw_list:
+        return VirtualDisk.DRIVER_QEMU_RAW
+
+    return fmt
+
 class VirtualDisk(VirtualDevice):
     """
     Builds a libvirt domain disk xml description
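Review bot: `_qemu_sanitize_drvtype` promises "a valid qemu driver type", but it only maps block devices and the single entry in `raw_list` to raw; every other `fmt` is returned unchanged, presumably including `None` when the volume XML carries no format. If that pass-through is intended, the docstring should say so, for example `Map block devices and 'iso' volumes to the raw driver type; any other format is returned as-is`. `raw_list` is rebuilt on every call and could be a module-level tuple.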
@@ -490,8 +504,8 @@
 
         http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html
         """
-        drvname = None
-        drvtype = None
+        drvname = self._driverName
+        drvtype = self._driverType
 
         if self.conn:
             driver = _util.get_uri_driver(self._get_uri())
@@ -499,15 +513,15 @@
                 drvname = self.DRIVER_QEMU
 
         if self.vol_object:
-            drvtype = _util.get_xml_path(self.vol_object.XMLDesc(0),
-                                         "/volume/target/format/@type")
+            fmt = _util.get_xml_path(self.vol_object.XMLDesc(0),
+                                     "/volume/target/format/@type")
+            if drvname == self.DRIVER_QEMU:
+                drvtype = _qemu_sanitize_drvtype(self.type, fmt)
 
         elif self.vol_install:
             if drvname == self.DRIVER_QEMU:
-                if self.vol_install.file_type == libvirt.VIR_STORAGE_VOL_FILE:
-                    drvtype = self.vol_install.format
-                else:
-                    drvtype = self.DRIVER_QEMU_RAW
+                drvtype = _qemu_sanitize_drvtype(self.type,
+                                                 self.vol_install.format)
 
         elif self.__creating_storage():
             if drvname == self.DRIVER_QEMU:
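Review bot: In the `self.vol_object` branch the volume format is now read into `fmt` but only used when `drvname == self.DRIVER_QEMU`; for any other driver `drvtype` keeps `self._driverType`, whereas the removed code assigned the volume format unconditionally. If dropping the format for non-qemu drivers is deliberate, a one-line comment such as `# only qemu takes its driver type from the volume format` would record that; otherwise `fmt` is computed and left unused on that path. The enclosing method starts and ends outside the hunk.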
@@ -729,8 +743,10 @@
         managed_storage = self.__storage_specified()
         create_media = self.__creating_storage()
 
+        self.__set_dev_type()
         self.__set_size()
         self.__set_format()
+        self.__set_driver()
 
         if not self.selinux_label:
             # If we are using existing storage, pull the label from it
@@ -745,9 +761,6 @@
 
             self._selinux_label = context or ""
 
-        # Set driverName + driverType
-        self.__set_driver()
-
         # If not creating the storage, our job is easy
         if not create_media:
             # Make sure we have access to the local path
@@ -757,7 +770,6 @@
                     raise ValueError(_("The path '%s' must be a file or a "
                                        "device, not a directory") % self.path)
 
-            self.__set_dev_type()
             return True
 
 
@@ -770,7 +782,6 @@
             if self.type is self.TYPE_BLOCK:
                 raise ValueError, _("Local block device path '%s' must "
                                     "exist.") % self.path
-            self.set_type(self.TYPE_FILE, validate=False)
 
             # Path doesn't exist: make sure we have write access to dir
             if not os.access(os.path.dirname(self.path), os.R_OK):
@@ -782,9 +793,6 @@
             if not os.access(os.path.dirname(self.path), os.W_OK):
                 raise ValueError, _("No write access to directory '%s'") % \
                                     os.path.dirname(self.path)
-        else:
-            # Set dev type from existing storage
-            self.__set_dev_type()
 
         # Applicable for managed or local storage
         ret = self.is_size_conflict()

virtinst-0.500.0-nonroot-qemu-net.patch:
 User.py     |    4 ++++
 __init__.py |    2 +-
 _util.py    |   10 ++++++++++
 cli.py      |    4 ++--
 util.py     |    4 ++--
 5 files changed, 19 insertions(+), 5 deletions(-)

--- NEW FILE virtinst-0.500.0-nonroot-qemu-net.patch ---
# HG changeset patch
# User Cole Robinson <crobinso at redhat.com>
# Date 1253130900 14400
# Node ID 761714f08589587d6d24d4564664561d660becd6
# Parent  be36b376adad1d7a57eff536aacae769c432f4c0
Use virtual networking (not user) if we are non-root on qemu:///system.

Since virt-install can use policykit now, we can be non-root and still use
qemu:///system.

diff -r be36b376adad -r 761714f08589 virtinst/User.py
--- a/virtinst/User.py	Wed Sep 16 15:51:31 2009 -0400
+++ b/virtinst/User.py	Wed Sep 16 15:55:00 2009 -0400
@@ -19,6 +19,7 @@
 
 import platform
 import os
+import _util
 
 class User(object):
     """Defines a particular user account."""
@@ -50,6 +51,9 @@
         if priv == self.PRIV_QEMU_SYSTEM:
             return self._euid == 0
 
+        if priv == self.PRIV_CREATE_NETWORK:
+            return (self._euid == 0) or _util.is_qemu_system(conn)
+
         if platform.system() != 'SunOS':
             is_xen = not conn or conn.lower()[0:3] == 'xen'
             if priv in [ self.PRIV_CLONE, self.PRIV_CREATE_DOMAIN ]:
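Review bot: The new `PRIV_CREATE_NETWORK` branch returns True for any unprivileged caller whenever the URI is a qemu system URI, so `has_priv` is a client-side guess and the real authorization is left to libvirtd and PolicyKit, as the commit message implies. A comment saying so would keep later readers from treating it as an access check, e.g. `# Heuristic only: libvirtd (via PolicyKit) makes the real decision`. Because `_util.is_qemu_system` accepts any scheme that starts with `qemu`, a remote URI with a transport suffix would presumably also return True here without an `is_uri_remote` test, unlike the Installer.py call site; that is worth confirming as intended. `has_priv` starts and ends outside the hunk.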
diff -r be36b376adad -r 761714f08589 virtinst/__init__.py
--- a/virtinst/__init__.py	Wed Sep 16 15:51:31 2009 -0400
+++ b/virtinst/__init__.py	Wed Sep 16 15:55:00 2009 -0400
@@ -24,7 +24,6 @@
 def _virtinst(msg):
     return gettext.dgettext(gettext_app, msg)
 
-import util
 import Storage
 from Guest import Guest, XenGuest
 from VirtualDevice import VirtualDevice
@@ -47,6 +46,7 @@
 from ImageManager import ImageInstaller
 from CloneManager import CloneDesign
 from User import User
+import util
 
 # This represents the PUBLIC API. Any changes to these classes (or 'util.py')
 # must be mindful of this fact.
diff -r be36b376adad -r 761714f08589 virtinst/_util.py
--- a/virtinst/_util.py	Wed Sep 16 15:51:31 2009 -0400
+++ b/virtinst/_util.py	Wed Sep 16 15:55:00 2009 -0400
@@ -374,6 +374,16 @@
 
     return None
 
+def is_qemu_system(conn):
+    if not conn:
+        return False
+
+    (scheme, ignore, ignore,
+     path, ignore, ignore) = uri_split(conn)
+    if path == "/system" and scheme.startswith("qemu"):
+        return True
+    return False
+
 #
 # These functions accidentally ended up in the API under virtinst.util
 #
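Review bot: `is_qemu_system` has no docstring and its parameter is named `conn`, yet the body passes it to `uri_split` and the callers on this page hand it a URI string (`self.conn.getURI()` in Installer.py, the string `conn` in User.py). Renaming the parameter would change the interface, so at least document it: `"""Return True if the URI string 'conn' has a scheme starting with 'qemu' and the path '/system'."""`. The last three lines could also be reduced to `return path == "/system" and scheme.startswith("qemu")`.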
diff -r be36b376adad -r 761714f08589 virtinst/cli.py
--- a/virtinst/cli.py	Wed Sep 16 15:51:31 2009 -0400
+++ b/virtinst/cli.py	Wed Sep 16 15:55:00 2009 -0400
@@ -638,7 +638,7 @@
             net = _util.default_network(conn)
             networks.append(net[0] + ":" + net[1])
         else:
-            networks.append("user")
+            networks.append(VirtualNetworkInterface.TYPE_USER)
 
     # ensure we have less macs then networks, otherwise autofill the mac list
     if len(macs) > len(networks):
@@ -654,7 +654,7 @@
                 net = _util.default_network(conn)
                 networks.append(net[0] + ":" + net[1])
             else:
-                networks.append("user")
+                networks.append(VirtualNetworkInterface.TYPE_USER)
             macs.append(None)
 
     net_init_dicts = []
diff -r be36b376adad -r 761714f08589 virtinst/util.py
--- a/virtinst/util.py	Wed Sep 16 15:51:31 2009 -0400
+++ b/virtinst/util.py	Wed Sep 16 15:55:00 2009 -0400
@@ -40,7 +40,7 @@
 from virtinst import _virtinst as _
 import virtinst
 import CapabilitiesParser
-from User import User
+import User
 
 KEYBOARD_DIR = "/etc/sysconfig/keyboard"
 XORG_CONF = "/etc/X11/xorg.conf"
@@ -107,7 +107,7 @@
         os.path.exists("/usr/bin/qemu-kvm") or \
         os.path.exists("/usr/bin/kvm") or \
         os.path.exists("/usr/bin/xenner"):
-        if User.current().has_priv(User.PRIV_QEMU_SYSTEM):
+        if User.User.current().has_priv(User.User.PRIV_QEMU_SYSTEM):
             return "qemu:///system"
         else:
             return "qemu:///session"


Index: python-virtinst.spec
===================================================================
RCS file: /cvs/pkgs/rpms/python-virtinst/devel/python-virtinst.spec,v
retrieving revision 1.72
retrieving revision 1.73
diff -u -p -r1.72 -r1.73
--- python-virtinst.spec	16 Sep 2009 17:33:00 -0000	1.72
+++ python-virtinst.spec	24 Sep 2009 13:55:17 -0000	1.73
@@ -17,7 +17,7 @@
 Summary: Python modules and utilities for installing virtual machines
 Name: python-%{appname}
 Version: 0.500.0
-Release: 3%{_extra_release}
+Release: 4%{_extra_release}
 Source0: http://virt-manager.org/download/sources/%{appname}/%{appname}-%{version}.tar.gz
 # Don't erroneously set limit for amount of virtio devices (bz 499654)
 Patch1: %{appname}-%{version}-virtio-dev-limit.patch
@@ -33,6 +33,12 @@ Patch5: /home/boston/crobinso/virtinst-0
 Patch6: /home/boston/crobinso/virtinst-0.500.0-disk-format.patch
 # Add Fedora12 to os dictionary
 Patch7: /home/boston/crobinso/virtinst-0.500.0-f12-distro.patch
+# Don't use usermode net for non-root qemu:///system via virt-install
+Patch8: %{appname}-%{version}-nonroot-qemu-net.patch
+# Fix cdrom installs where the iso is a storage volume (bz 524109)
+Patch9: %{appname}-%{version}-no-iso-driver.patch
+# Fix path permissions for kernel/initrd download location (bz 523960)
+Patch10: %{appname}-%{version}-change-path-perms.patch
 
 License: GPLv2+
 Group: Development/Libraries
@@ -67,6 +73,9 @@ and install new VMs) and virt-clone (clo
 %patch5 -p1
 %patch6 -p1
 %patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
 
 %build
 python setup.py build
@@ -102,6 +111,11 @@ rm -rf $RPM_BUILD_ROOT
 %{_bindir}/virt-convert
 
 %changelog
+* Thu Sep 24 2009 Cole Robinson <crobinso at redhat.com> - 0.500.0-4.fc12
+- Don't use usermode net for non-root qemu:///system via virt-install
+- Fix cdrom installs where the iso is a storage volume (bz 524109)
+- Fix path permissions for kernel/initrd download location (bz 523960)
+
 * Wed Sep 16 2009 Cole Robinson <crobinso at redhat.com> - 0.500.0-3.fc12
 - Don't generate bogus disk driver XML.
 - Add '--disk format=' for specifying format (qcow2, ...) when provisioning



