[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][lgarrett/fix-logic-when-tainting-domain] Deleted 1 commit: Change permissions on /var/lib/libvirt/images/

Lee Garrett (@lgarrett) gitlab at salsa.debian.org
Fri Aug 9 13:14:31 BST 2024 


Lee Garrett pushed to branch lgarrett/fix-logic-when-tainting-domain at Libvirt Packaging Team / libvirt


WARNING: The push did not contain any new commits, but force pushed to delete the commits and changes below.


Deleted commits:
5b36d6b9 by Lee Garrett at 2024-08-09T13:24:49+02:00
Change permissions on /var/lib/libvirt/images/

Change it to the libvirt group ownership, and make it writeable. This allows
tools like virt-v2v to run rootless, as long as the user is part of the libvirt
group. This does not have security implications, as the users of the libvirt
group can already write arbitrary files there via the libvirt API.

Closes: #1054230

- - - - -


1 changed file:

- debian/libvirt-daemon-system.postinst


Changes:

=====================================
debian/libvirt-daemon-system.postinst
=====================================
@@ -65,8 +65,11 @@ add_users_groups()
 
 add_statoverrides()
 {
-    ROOT_DIRS="
+    LIBVIRT_GROUP_DIRS="
         /var/lib/libvirt/images/
+    "
+
+    ROOT_DIRS="
         /var/lib/libvirt/boot/
         /var/cache/libvirt/
         /var/cache/libvirt/qemu/
@@ -82,6 +85,13 @@ add_statoverrides()
 
     QEMU_CONF="/etc/libvirt/qemu.conf"
 
+    for dir in ${LIBVIRT_GROUP_DIRS}; do
+        if ! dpkg-statoverride --list "${dir}" >/dev/null 2>&1; then
+            [ ! -e "${dir}" ] || chown root:libvirt "${dir}"
+            [ ! -e "${dir}" ] || chmod 0771 "${dir}"
+        fi
+    done
+
     for dir in ${ROOT_DIRS}; do
         if ! dpkg-statoverride --list "${dir}" >/dev/null 2>&1; then
             [ ! -e "${dir}" ] || chown root:root "${dir}"



View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/commit/5b36d6b9af5997c6e3473e6724b9a58047803adf

-- 
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/-/commit/5b36d6b9af5997c6e3473e6724b9a58047803adf
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20240809/9f56b501/attachment-0001.htm>

More information about the Pkg-libvirt-commits mailing list