[Pkg-libvirt-commits] [SCM] Libvirt Debian packaging branch, squeeze-security, updated. debian/0.8.3-5+squeeze4
Guido Günther
agx at sigxcpu.org
Sat Mar 16 13:08:31 UTC 2013
The following commit has been merged in the squeeze-security branch:
commit 9d7846f29e814c92456ca794a6391e0eccf64530
Author: Guido Günther <agx at sigxcpu.org>
Date: Tue Feb 26 06:28:30 2013 +0100
CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm instances
This makes sure we don't chown files to groups possibly used
by other programs.
Closes: #701649
diff --git a/debian/README.Debian b/debian/README.Debian
index b8c97e0..02c0a49 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -56,6 +56,9 @@ Access Control
Access to the libvirt socket is controlled by membership in the "libvirt" group.
If you want to manage VMs as non root you need to add a user to that group.
+System QEMU/KVM processes are run as user and group libvirt-qemu. This can be
+adjusted via /etc/libvirt/qemu.conf.
+
QEMU/KVM: Dropping Capabilties
==============================
Network interfaces of type "ethernet" use a script like /etc/qemu-ifup to set up
diff --git a/debian/libvirt-bin.NEWS b/debian/libvirt-bin.NEWS
index ee32190..c6c40f6 100644
--- a/debian/libvirt-bin.NEWS
+++ b/debian/libvirt-bin.NEWS
@@ -1,3 +1,12 @@
+libvirt (0.8.3-5+squeeze4) experimental; urgency=low
+
+ For qemu:///system KVM/QEMU processes now run as group libvirt-qemu. This
+ makes sure image files and volumes aren't accessible by users in the more
+ general and previously used kvm group. To change this behaviour adjust the
+ group option in /etc/libvirt/qemu.conf.
+
+ -- Guido Günther <agx at sigxcpu.org> Tue, 26 Feb 2013 06:30:48 +0100
+
libvirt (0.8.3-2) unstable; urgency=low
Disk format probing is disabled now by default for security reasons
diff --git a/debian/libvirt-bin.postinst b/debian/libvirt-bin.postinst
index ea85ad2..fed481b 100644
--- a/debian/libvirt-bin.postinst
+++ b/debian/libvirt-bin.postinst
@@ -17,17 +17,16 @@ set -e
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
-
case "$1" in
configure)
if ! getent group libvirt >/dev/null; then
addgroup --system libvirt
fi
- # user and group libvirt runs qemu/kvm instances with
if ! getent group kvm >/dev/null; then
addgroup --quiet --system kvm
fi
+ # user and group libvirt runs qemu/kvm instances with
if ! getent passwd libvirt-qemu >/dev/null; then
adduser --quiet \
--system \
@@ -40,6 +39,10 @@ case "$1" in
-gecos "Libvirt Qemu" \
libvirt-qemu
fi
+ if ! getent group libvirt-qemu >/dev/null; then
+ addgroup --quiet --system libvirt-qemu
+ adduser libvirt-qemu libvirt-qemu
+ fi
# libvirt from 0.6.0 on is safe to restart with running vms:
if [ -n "$2" ] && dpkg --compare-versions "$2" ge 0.6.0; then
diff --git a/debian/libvirt-bin.postrm b/debian/libvirt-bin.postrm
index d6e9b99..086fda3 100644
--- a/debian/libvirt-bin.postrm
+++ b/debian/libvirt-bin.postrm
@@ -24,7 +24,14 @@ case "$1" in
if getent group libvirt >/dev/null; then
delgroup libvirt || true
fi
-
+
+ if getent passwd libvirt-qemu >/dev/null; then
+ deluser libvirt-qemu || true
+ fi
+
+ if getent group libvirt-qemu >/dev/null; then
+ delgroup libvirt-qemu || true
+ fi
;;
remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
;;
diff --git a/debian/rules b/debian/rules
index 159797d..63559e5 100755
--- a/debian/rules
+++ b/debian/rules
@@ -25,7 +25,7 @@ DEB_CONFIGURE_EXTRA_FLAGS := \
--disable-rpath \
--with-qemu \
--with-qemu-user=libvirt-qemu \
- --with-qemu-group=kvm \
+ --with-qemu-group=libvirt-qemu \
--with-openvz \
--with-avahi \
--with-sasl \
--
Libvirt Debian packaging
More information about the Pkg-libvirt-commits
mailing list