[Pkg-libvirt-maintainers] Bug#1054230: Please change permissions on /var/lib/libvirt/images/

Lee Garrett debian at rocketjump.eu
Wed Oct 16 16:50:27 BST 2024 

Upstream has responded, and it's indeed a tad more complicated: 
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/BUTSYSN22Y57GHHWHJW7FTMEZTJWZ4ZN/
As such, I'm refraining for pushing these changes and will find a different 
workaround.

On 19.10.23 17:12, Lee Garrett wrote:
> Package: libvirt-daemon-system
> Version: 9.0.0-4
> Severity: wishlist
> X-Debbugs-Cc: debian at rocketjump.eu
> 
> Hi,
> 
> Currently, the permissions for /var/lib/libvirt/images are root:root u=rwx,go=x.
> It would be nice to change those to root:libvirt ug=rwx,o=x. This should not
> change anything from the security standpoint, as users of the libvirt group can
> already interact with libvirtd and add/remove/modify VMs.
> 
> The upside would be that virt-v2v can run without root permissions, as it
> directly writes to that dir. I have verified that changing the permissions
> allows virt-v2v to run rootless.
> 
> For completeness, this is the command line I've tested it with:
> virt-v2v -i ova -o libvirt -of qcow2 -oo compressed -oc 'qemu:///system' win11.zip -on win11trial
> 
> Regards,
> Lee
> 
> 
> -- System Information:
> Debian Release: 12.2
>    APT prefers stable-updates
>    APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'stable')
> Architecture: amd64 (x86_64)
> 
> Kernel: Linux 6.1.0-13-amd64 (SMP w/8 CPU threads; PREEMPT)
> Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
> Shell: /bin/sh linked to /usr/bin/dash
> Init: systemd (via /run/systemd/system)
> LSM: AppArmor: enabled
> 
> Versions of packages libvirt-daemon-system depends on:
> ii  adduser                         3.134
> ii  debconf [debconf-2.0]           1.5.82
> ii  gettext-base                    0.21-12
> ii  iptables                        1.8.9-2
> ii  libvirt-clients                 9.0.0-4
> ii  libvirt-daemon                  9.0.0-4
> ii  libvirt-daemon-config-network   9.0.0-4
> ii  libvirt-daemon-config-nwfilter  9.0.0-4
> ii  libvirt-daemon-system-systemd   9.0.0-4
> ii  logrotate                       3.21.0-1
> ii  polkitd                         122-3
> 
> Versions of packages libvirt-daemon-system recommends:
> ii  dmidecode                    3.4-1
> ii  dnsmasq-base [dnsmasq-base]  2.89-1
> ii  iproute2                     6.1.0-3
> ii  mdevctl                      1.2.0-3+b1
> ii  parted                       3.5-3
> 
> Versions of packages libvirt-daemon-system suggests:
> ii  apparmor    3.0.8-3
> pn  auditd      <none>
> pn  nfs-common  <none>
> pn  open-iscsi  <none>
> pn  pm-utils    <none>
> ii  systemd     252.17-1~deb12u1
> pn  systemtap   <none>
> pn  zfsutils    <none>
> 
> -- Configuration Files:
> /etc/default/libvirt-guests changed [not included]
> /etc/libvirt/qemu.conf [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'
> 
> -- debconf information excluded

More information about the Pkg-libvirt-maintainers mailing list