libvirt.spec.in | 1 + src/remote/libvirt.sysusers.conf | 1 + src/remote/meson.build | 7 +++++++ 3 files changed, 9 insertions(+) create mode 100644 src/remote/libvirt.sysusers.conf
We previously added a sysusers file, but missed the 'libvirt' group.
This group is referenced in the polkit rules, so we should be
registering that too. It must be done in a separate sysusers file,
however, since it is common to all daemons.
Fixes: a2c3e390f7bedf36f4ddc544d09fe3b8772c5c6f
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
---
libvirt.spec.in | 1 +
src/remote/libvirt.sysusers.conf | 1 +
src/remote/meson.build | 7 +++++++
3 files changed, 9 insertions(+)
create mode 100644 src/remote/libvirt.sysusers.conf
diff --git a/libvirt.spec.in b/libvirt.spec.in
index a82c366334..5c5d36966d 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -2110,6 +2110,7 @@ exit 0
%{_datadir}/polkit-1/actions/org.libvirt.unix.policy
%{_datadir}/polkit-1/actions/org.libvirt.api.policy
%{_datadir}/polkit-1/rules.d/50-libvirt.rules
+%{_sysusersdir}/libvirt.conf
%dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/
%attr(0755, root, root) %{_libexecdir}/libvirt_iohelper
%attr(0755, root, root) %{_bindir}/virt-ssh-helper
diff --git a/src/remote/libvirt.sysusers.conf b/src/remote/libvirt.sysusers.conf
new file mode 100644
index 0000000000..50c6716cce
--- /dev/null
+++ b/src/remote/libvirt.sysusers.conf
@@ -0,0 +1 @@
+g libvirt -
diff --git a/src/remote/meson.build b/src/remote/meson.build
index ea063ed6cc..e503263266 100644
--- a/src/remote/meson.build
+++ b/src/remote/meson.build
@@ -310,6 +310,13 @@ if conf.has('WITH_REMOTE')
)
endif
+ # Install the sysuser config for the daemon polkit rules
+ install_data(
+ 'libvirt.sysusers.conf',
+ install_dir: sysusersdir,
+ rename: [ 'libvirt.conf' ],
+ )
+
virt_helpers += {
'name': 'virt-ssh-helper',
'sources': [
--
2.47.1On Wed, Jan 29, 2025 at 15:46:30 +0000, Daniel P. Berrangé wrote: > We previously added a sysusers file, but missed the 'libvirt' group. > This group is referenced in the polkit rules, so we should be > registering that too. It must be done in a separate sysusers file, > however, since it is common to all daemons. > > Fixes: a2c3e390f7bedf36f4ddc544d09fe3b8772c5c6f > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > --- > libvirt.spec.in | 1 + > src/remote/libvirt.sysusers.conf | 1 + > src/remote/meson.build | 7 +++++++ > 3 files changed, 9 insertions(+) > create mode 100644 src/remote/libvirt.sysusers.conf The specfile also creates a virtlogin which is not mentioned in any sysuers file either. Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
On Wed, Jan 29, 2025 at 05:11:25PM +0100, Jiri Denemark wrote: > On Wed, Jan 29, 2025 at 15:46:30 +0000, Daniel P. Berrangé wrote: > > We previously added a sysusers file, but missed the 'libvirt' group. > > This group is referenced in the polkit rules, so we should be > > registering that too. It must be done in a separate sysusers file, > > however, since it is common to all daemons. > > > > Fixes: a2c3e390f7bedf36f4ddc544d09fe3b8772c5c6f > > Signed-off-by: Daniel P. Berrangé <berrange@redhat.com> > > --- > > libvirt.spec.in | 1 + > > src/remote/libvirt.sysusers.conf | 1 + > > src/remote/meson.build | 7 +++++++ > > 3 files changed, 9 insertions(+) > > create mode 100644 src/remote/libvirt.sysusers.conf > > The specfile also creates a virtlogin which is not mentioned in any > sysuers file either. Sigh, yet more. Wll send a followup for that. > > Reviewed-by: Jiri Denemark <jdenemar@redhat.com> > With regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|
© 2016 - 2025 Red Hat, Inc.