Hello community, here is the log from the commit of package libvirt for openSUSE:Factory checked in at 2019-02-24 16:53:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libvirt (Old) and /work/SRC/openSUSE:Factory/.libvirt.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libvirt" Sun Feb 24 16:53:30 2019 rev:273 rq:677537 version:5.0.0 Changes: -------- --- /work/SRC/openSUSE:Factory/libvirt/libvirt.changes 2019-02-11 21:16:43.663358229 +0100 +++ /work/SRC/openSUSE:Factory/.libvirt.new.28833/libvirt.changes 2019-02-24 16:53:32.244961660 +0100 @@ -1,0 +2,7 @@ +Tue Feb 19 23:36:28 UTC 2019 - James Fehlig <[email protected]> + +- qemu: don't use CAP_DAC_OVERRIDE capability if non-root + 620d9dd5-qemu-no-dac-override-nonroot.patch + boo#1125665 + +------------------------------------------------------------------- New: ---- 620d9dd5-qemu-no-dac-override-nonroot.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libvirt.spec ++++++ --- /var/tmp/diff_new_pack.NyOVtX/_old 2019-02-24 16:53:35.220960264 +0100 +++ /var/tmp/diff_new_pack.NyOVtX/_new 2019-02-24 16:53:35.220960264 +0100 @@ -340,6 +340,7 @@ Patch5: 6fd4c8f8-qemu-domain-sev.patch Patch6: 17f6a257-security-dac-sev.patch Patch7: a2d3dea9-qemu-caps-dac-override-sev.patch +Patch8: 620d9dd5-qemu-no-dac-override-nonroot.patch # Patches pending upstream review Patch100: libxl-dom-reset.patch Patch101: network-don-t-use-dhcp-authoritative-on-static-netwo.patch @@ -881,6 +882,7 @@ %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 %patch100 -p1 %patch101 -p1 %patch150 -p1 ++++++ 620d9dd5-qemu-no-dac-override-nonroot.patch ++++++ commit 620d9dd598fde388f56ac37bcd3b31168c2f9fc6 Author: Peter Krempa <[email protected]> Date: Mon Feb 4 16:24:15 2019 +0100 qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root It will not work. This breaks qemu capabilities probing as a user. Signed-off-by: Peter Krempa <[email protected]> Reviewed-by: Erik Skultety <[email protected]> Index: libvirt-5.0.0/src/qemu/qemu_capabilities.c =================================================================== --- libvirt-5.0.0.orig/src/qemu/qemu_capabilities.c +++ libvirt-5.0.0/src/qemu/qemu_capabilities.c @@ -4529,7 +4529,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCaps #if WITH_CAPNG /* QEMU might run into permission issues, e.g. /dev/sev (0600), override * them just for the purpose of probing */ - virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE); + if (geteuid() == 0) + virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE); #endif virCommandSetGID(cmd->cmd, cmd->runGid);
