kolla

regression in /dev/kvm permissions, /etc/libvirt/libvirtd.conf unreadable

Bug #1500733 reported by Steven Dake
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
kolla
Fix Released
Critical
Steven Dake
kolla liberty-rc1 "liberty-rc1"

Bug Description

The /dev/kvm needs to be owned by root:kvm 660 but it is owned by root:root 600. CentOS sets GID to KVM and drops root permissions, so it can't access the KVM file. Further complicating matters, /etc/libvirt/libvirtd.conf cannot be read by this version of libvirt unless the permissions are 644.

See original description
Steven Dake (sdake)
Changed in kolla:
importance: Undecided → Critical
assignee: nobody → Steven Dake (sdake)
milestone: none → liberty-rc1
status: New → Confirmed
Steven Dake (sdake)
summary: - centos uses libvirt.conf, ubuntu uses libvirtd.conf
+ regression in /dev/kvm permissions, /etc/libvirt/libvirtd.conf
+ unreadable
description: updated
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla (master)

Fix proposed to branch: master
Review: https://review.openstack.org/228790

Changed in kolla:
status: Confirmed → In Progress
Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla (master)

Reviewed: https://review.openstack.org/228790
Committed: https://git.openstack.org/cgit/openstack/kolla/commit/?id=655d88e3a1054b61d9ede8b99c5ee95f11948227
Submitter: Jenkins
Branch: master

commit 655d88e3a1054b61d9ede8b99c5ee95f11948227
Author: Steven Dake <email address hidden>
Date: Tue Sep 29 01:37:35 2015 -0700

    Make libvirt function on CentOS

    Recent regressions in the code base removed permission setting of
    /dev/kvm to root:kvm 660 permissions which are default for CentOS's
    version of libvirt.

    Also Libvirt must be able to read its cnofiguration file, which was
    previously 600 root:root. Now its 644 root:root so its always readable.
    This is fine, since this file doesn't contain any secret information.

    Change-Id: Id87cf5da8e37bc5bb613ce919d0293803d0fe5ed
    Closes-Bug: #1500733

Changed in kolla:
status: In Progress → Fix Committed
Sam Yaple (s8m)
Changed in kolla:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.