[Bug 691590] Re: libvirt restore exactly the old ownership of images

Christian Ehrhardt  691590 at bugs.launchpad.net
Thu Jun 25 13:36:02 UTC 2020 

** Description changed:

+ [Impact]
+ 
+  * A rather old bug which could have been solved much sooner. Attr support 
+    was disabled way back in time for triggering some test issues. Since 
+    then the test issues and also many more rough edges of ATTR support have 
+    been fixed.
+ 
+  * This change shall enable attr support again which allows libvirt to 
+    remember and carry ownership information on image files as extended 
+    attributes.
+ 
+ [Test Case]
+ 
+  * Prepare a guest that you can start/stop e.g. with uvtool-libvirt
+  * Own the image by anything other than root:root
+  * Start the guest (ownership will change to the user the guest runs as)
+  * Stop the guest:
+    - fail: will set root:root to the images effectively stealing them
+    - correct: remembers the old ownership and restores that
+ 
+ [Regression Potential]
+ 
+  * This mostly influences DAC control of files, which is exactly what we 
+    want to fix. There are a few lifecycle tasks which now also have to 
+    carry labels e.g. on any image handling. I don't expect regressions, but 
+    this is the place to look out for.
+  * The behavior on File systems unable to XATTR matches that of the 
+    formerly disable feature, so on those cases where it has no positive 
+    change it will have no change at all.
+ 
+ [Other Info]
+  
+  * Technically we could backport this into all releases, but while I find 
+    it right to fix in Focal OTOH Bionic and even more so Xenial really are 
+    even "more stable" after their time in the field. Users either have 
+    adapted already or even rely/expect the semi-broken behavior. Therefore 
+    this is only targetting Focal intentionally.
+ 
+  * (very) worst case one can set the FS the images are on to "nouser_xattr"
+    as mount option.
+ 
+ 
+ ---
+ 
  Natty (and it was also the same on Maverick, IIRC).
  
  When you assign an ISO to a VM, libvirt will take over onwership of the
  ISO. This creates problems if the ISO is updated.
  
  For example, I am daily updating the Natty server ISOs, and running
  tests on them via KVM (all automated). The ISO updates will fail because
  libvirt chowns them.
  
  I see no reason for this: libvirt only needs the ISO as input.
  
  WORKAROUND:
    edit /etc/libvirt/qemu.conf, change 'dynamic_ownership = 0', restart qemu/KVM.

** Also affects: libvirt (Ubuntu Focal)
   Importance: Undecided
       Status: New

** Changed in: libvirt (Ubuntu Focal)
   Importance: Undecided => Medium

** Changed in: libvirt (Ubuntu Focal)
       Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Sponsors Team, which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/691590

Title:
  libvirt restore exactly the old ownership of images

Status in libvirt package in Ubuntu:
  Fix Released
Status in libvirt source package in Focal:
  Triaged

Bug description:
  [Impact]

   * A rather old bug which could have been solved much sooner. Attr support 
     was disabled way back in time for triggering some test issues. Since 
     then the test issues and also many more rough edges of ATTR support have 
     been fixed.

   * This change shall enable attr support again which allows libvirt to 
     remember and carry ownership information on image files as extended 
     attributes.

  [Test Case]

   * Prepare a guest that you can start/stop e.g. with uvtool-libvirt
   * Own the image by anything other than root:root
   * Start the guest (ownership will change to the user the guest runs as)
   * Stop the guest:
     - fail: will set root:root to the images effectively stealing them
     - correct: remembers the old ownership and restores that

  [Regression Potential]

   * This mostly influences DAC control of files, which is exactly what we 
     want to fix. There are a few lifecycle tasks which now also have to 
     carry labels e.g. on any image handling. I don't expect regressions, but 
     this is the place to look out for.
   * The behavior on File systems unable to XATTR matches that of the 
     formerly disable feature, so on those cases where it has no positive 
     change it will have no change at all.

  [Other Info]
   
   * Technically we could backport this into all releases, but while I find 
     it right to fix in Focal OTOH Bionic and even more so Xenial really are 
     even "more stable" after their time in the field. Users either have 
     adapted already or even rely/expect the semi-broken behavior. Therefore 
     this is only targetting Focal intentionally.

   * (very) worst case one can set the FS the images are on to "nouser_xattr"
     as mount option.

  
  ---

  Natty (and it was also the same on Maverick, IIRC).

  When you assign an ISO to a VM, libvirt will take over onwership of
  the ISO. This creates problems if the ISO is updated.

  For example, I am daily updating the Natty server ISOs, and running
  tests on them via KVM (all automated). The ISO updates will fail
  because libvirt chowns them.

  I see no reason for this: libvirt only needs the ISO as input.

  WORKAROUND:
    edit /etc/libvirt/qemu.conf, change 'dynamic_ownership = 0', restart qemu/KVM.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/691590/+subscriptions

More information about the Ubuntu-sponsors mailing list