Libguestfs - Sep 2016 - Re: [PATCH] v2v: ova: Make OVA directory public readable to work around libvirt bug (RHBZ#1375157).

Only do this if running as root and if the backend is set
to libvirt.
---
 v2v/input_ova.ml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/v2v/input_ova.ml b/v2v/input_ova.ml
index 4f848e2..bb9cb1b 100644
--- a/v2v/input_ova.ml
+++ b/v2v/input_ova.ml
@@ -104,6 +104,19 @@ object
     (* Exploded path must be absolute (RHBZ#1155121). *)
     let exploded = absolute_path exploded in
 
+    (* If virt-v2v is running as root, and the backend is libvirt, then
+     * we have to chmod the directory to 0755 and files to 0644
+     * so it is readable by qemu.qemu.  This is libvirt bug RHBZ#890291.
+     *)
+    if Unix.geteuid () = 0 then (
+      let libguestfs_backend = (open_guestfs ())#get_backend () in
+      if libguestfs_backend = "libvirt" then (
+        warning (f_"making OVA directory public readable to workaround
libvirt bug https://bugzilla.redhat.com/890291");
+        let cmd = [ "chmod"; "-R"; "go=u,go-w";
exploded ] in
+        ignore (run_command cmd)
+      )
+    );
+
     (* Find files in [dir] ending with [ext]. *)
     let find_files dir ext        let rec loop = function
-- 
2.7.4

On Monday, 12 September 2016 11:53:26 CEST Richard W.M. Jones
wrote:
> Only do this if running as root and if the backend is set
> to libvirt.
> ---
>  v2v/input_ova.ml | 13 +++++++++++++
>  1 file changed, 13 insertions(+)
> 
> diff --git a/v2v/input_ova.ml b/v2v/input_ova.ml
> index 4f848e2..bb9cb1b 100644
> --- a/v2v/input_ova.ml
> +++ b/v2v/input_ova.ml
> @@ -104,6 +104,19 @@ object
>      (* Exploded path must be absolute (RHBZ#1155121). *)
>      let exploded = absolute_path exploded in
>  
> +    (* If virt-v2v is running as root, and the backend is libvirt, then
> +     * we have to chmod the directory to 0755 and files to 0644
> +     * so it is readable by qemu.qemu.  This is libvirt bug RHBZ#890291.
> +     *)
> +    if Unix.geteuid () = 0 then (
> +      let libguestfs_backend = (open_guestfs ())#get_backend () in
> +      if libguestfs_backend = "libvirt" then (
> +        warning (f_"making OVA directory public readable to
workaround libvirt bug https://bugzilla.redhat.com/890291");
> +        let cmd = [ "chmod"; "-R";
"go=u,go-w"; exploded ] in
> +        ignore (run_command cmd)
> +      )
> +    );
> +
The problem is that if the ova is specified as directory, this will
change its permissions, which is not expected.

I'd put this once when creating tmpdir above, right after the
Mkdtemp.temp_dir for it: this way you don't need -R for chmod.

-- 
Pino Toscano

On Mon, Sep 12, 2016 at 01:51:42PM +0200, Pino Toscano
wrote:
> On Monday, 12 September 2016 11:53:26 CEST Richard W.M. Jones wrote:
> > Only do this if running as root and if the backend is set
> > to libvirt.
> > ---
> >  v2v/input_ova.ml | 13 +++++++++++++
> >  1 file changed, 13 insertions(+)
> > 
> > diff --git a/v2v/input_ova.ml b/v2v/input_ova.ml
> > index 4f848e2..bb9cb1b 100644
> > --- a/v2v/input_ova.ml
> > +++ b/v2v/input_ova.ml
> > @@ -104,6 +104,19 @@ object
> >      (* Exploded path must be absolute (RHBZ#1155121). *)
> >      let exploded = absolute_path exploded in
> >  
> > +    (* If virt-v2v is running as root, and the backend is libvirt,
then
> > +     * we have to chmod the directory to 0755 and files to 0644
> > +     * so it is readable by qemu.qemu.  This is libvirt bug
RHBZ#890291.
> > +     *)
> > +    if Unix.geteuid () = 0 then (
> > +      let libguestfs_backend = (open_guestfs ())#get_backend () in
> > +      if libguestfs_backend = "libvirt" then (
> > +        warning (f_"making OVA directory public readable to
workaround libvirt bug https://bugzilla.redhat.com/890291");
> > +        let cmd = [ "chmod"; "-R";
"go=u,go-w"; exploded ] in
> > +        ignore (run_command cmd)
> > +      )
> > +    );
> > +
> 
> The problem is that if the ova is specified as directory, this will
> change its permissions, which is not expected.
Yeah I thought about that too, hence the visible warning.

The problem is that this failure also occurs if we are passed an
exploded OVA which has the wrong permissions.  It's not just something
which happens with the tmpdir that we create.

Really the answer is for libvirt to just fix this ...

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines.  Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top