libvirt.spec.in | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-)
These daemons do not have any support for unprivileged readonly
access, so we must not reference -ro.socket units in scripts.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
libvirt.spec.in | 18 +++++++++++-------
1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/libvirt.spec.in b/libvirt.spec.in
index 97030be407..e672fcc3a5 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1279,14 +1279,18 @@ then \
fi \
%libvirt_daemon_finish_restart %1
+# For daemons with only UNIX sockets
%define libvirt_daemon_systemd_post() %systemd_post %1.socket %1-ro.socket %1-admin.socket %1.service
-
-%define libvirt_daemon_systemd_post_inet() %systemd_post %1.socket %1-ro.socket %1-admin.socket %1-tls.socket %1-tcp.socket %1.service
-
%define libvirt_daemon_systemd_preun() %systemd_preun %1.service %1-ro.socket %1-admin.socket %1.socket
+# For daemons with UNIX and INET sockets
+%define libvirt_daemon_systemd_post_inet() %systemd_post %1.socket %1-ro.socket %1-admin.socket %1-tls.socket %1-tcp.socket %1.service
%define libvirt_daemon_systemd_preun_inet() %systemd_preun %1.service %1-ro.socket %1-admin.socket %1-tls.socket %1-tcp.socket %1.socket
+# For daemons with only UNIX sockets and no unprivileged read-only access
+%define libvirt_daemon_systemd_post_priv() %systemd_post %1.socket %1-admin.socket %1.service
+%define libvirt_daemon_systemd_preun_priv() %systemd_preun %1.service %1-admin.socket %1.socket
+
%pre daemon
# 'libvirt' group is just to allow password-less polkit access to
# libvirtd. The uid number is irrelevant, so we use dynamic allocation
@@ -1296,8 +1300,8 @@ getent group libvirt >/dev/null || groupadd -r libvirt
exit 0
%post daemon
-%libvirt_daemon_systemd_post virtlogd
-%libvirt_daemon_systemd_post virtlockd
+%libvirt_daemon_systemd_post_priv virtlogd
+%libvirt_daemon_systemd_post_priv virtlockd
%if %{with_modular_daemons}
%libvirt_daemon_systemd_post_inet virtproxyd
%else
@@ -1313,8 +1317,8 @@ exit 0
%libvirt_daemon_systemd_preun_inet libvirtd
%libvirt_daemon_systemd_preun_inet virtproxyd
-%libvirt_daemon_systemd_preun virtlogd
-%libvirt_daemon_systemd_preun virtlockd
+%libvirt_daemon_systemd_preun_priv virtlogd
+%libvirt_daemon_systemd_preun_priv virtlockd
%postun daemon
/bin/systemctl daemon-reload >/dev/null 2>&1 || :
--
2.33.1
On a Tuesday in 2021, Daniel P. Berrangé wrote: >These daemons do not have any support for unprivileged readonly >access, so we must not reference -ro.socket units in scripts. > >Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> >--- > libvirt.spec.in | 18 +++++++++++------- > 1 file changed, 11 insertions(+), 7 deletions(-) > Reviewed-by: Ján Tomko <jtomko@redhat.com> Jano
© 2016 - 2024 Red Hat, Inc.