[Pkg-libvirt-commits] [SCM] Libvirt Debian packaging branch, master, updated. debian/0.9.3-1-6-g70fffe3

Sat Jul 23 09:52:23 UTC 2011

The following commit has been merged in the master branch:
commit b59be2f71e457e08bef9eee87f36872674cf69bd
Author: Guido Günther <agx at sigxcpu.org>
Date:   Sat Jul 23 01:01:41 2011 +0200

    Adjust directory permissons
    
    to what upstream uses to avoid potential information leackage.
    
    Closes: #632332

diff --git a/debian/libvirt-bin.postinst b/debian/libvirt-bin.postinst
index ea85ad2..53d0cf7 100644
--- a/debian/libvirt-bin.postinst
+++ b/debian/libvirt-bin.postinst
@@ -17,29 +17,64 @@ set -e
 # for details, see http://www.debian.org/doc/debian-policy/ or
 # the debian-policy package
 
+add_users_groups()
+{
+    if ! getent group libvirt >/dev/null; then
+        addgroup --system libvirt
+    fi
+
+    # user and group libvirt runs qemu/kvm instances with
+    if ! getent group kvm >/dev/null; then
+        addgroup --quiet --system kvm
+    fi
+    if ! getent passwd libvirt-qemu >/dev/null; then
+        adduser --quiet \
+            --system \
+            --ingroup kvm \
+            --quiet \
+            --disabled-login \
+            --disabled-password \
+            --home /var/lib/libvirt \
+            --no-create-home \
+            -gecos "Libvirt Qemu" \
+            libvirt-qemu
+    fi
+}
+
+
+add_statoverrides()
+{
+    ROOT_DIRS="\
+        /var/lib/libvirt/images/ \
+        /var/lib/libvirt/boot/   \
+        /var/cache/libvirt/      \
+    "
+
+    QEMU_DIRS="\
+         /var/lib/libvirt/qemu/   \
+         /var/cache/libvirt/qemu/ \
+    "
+
+    for dir in ${ROOT_DIRS}; do
+        if ! dpkg-statoverride --list "${dir}" >/dev/null 2>&1; then
+            chown root:root "${dir}"
+            chmod 0711 "${dir}"
+        fi
+    done
+
+    for dir in ${QEMU_DIRS}; do
+        if ! dpkg-statoverride --list "${dir}" >/dev/null 2>&1; then
+            chown libvirt-qemu:kvm "${dir}"
+            chmod 0750 "${dir}"
+        fi
+    done
+}
+
 
 case "$1" in
     configure)
-    	if ! getent group libvirt >/dev/null; then
-    		addgroup --system libvirt
-	fi
-
-	# user and group libvirt runs qemu/kvm instances with
-	if ! getent group kvm >/dev/null; then
-		addgroup --quiet --system kvm
-	fi
-	if ! getent passwd libvirt-qemu >/dev/null; then
-		adduser --quiet \
-			--system \
-			--ingroup kvm \
-			--quiet \
-			--disabled-login \
-			--disabled-password \
-                        --home /var/lib/libvirt \
-                        --no-create-home \
-			-gecos "Libvirt Qemu" \
-			libvirt-qemu
-	fi
+        add_users_groups
+        add_statoverrides
 
 	# libvirt from 0.6.0 on is safe to restart with running vms:
 	if [ -n "$2" ] &&  dpkg --compare-versions "$2" ge 0.6.0; then

-- 
Libvirt Debian packaging

