Bug#1054230: Please change permissions on /var/lib/libvirt/images/

Thu, 19 Oct 2023 08:15:14 -0700 

Package: libvirt-daemon-system
Version: 9.0.0-4
Severity: wishlist
X-Debbugs-Cc: deb...@rocketjump.eu

Hi,

Currently, the permissions for /var/lib/libvirt/images are root:root u=rwx,go=x.
It would be nice to change those to root:libvirt ug=rwx,o=x. This should not
change anything from the security standpoint, as users of the libvirt group can
already interact with libvirtd and add/remove/modify VMs.

The upside would be that virt-v2v can run without root permissions, as it
directly writes to that dir. I have verified that changing the permissions
allows virt-v2v to run rootless.

For completeness, this is the command line I've tested it with:
virt-v2v -i ova -o libvirt -of qcow2 -oo compressed -oc 'qemu:///system' 
win11.zip -on win11trial

Regards,
Lee


-- System Information:
Debian Release: 12.2
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable-security'), (990, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-13-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon-system depends on:
ii  adduser                         3.134
ii  debconf [debconf-2.0]           1.5.82
ii  gettext-base                    0.21-12
ii  iptables                        1.8.9-2
ii  libvirt-clients                 9.0.0-4
ii  libvirt-daemon                  9.0.0-4
ii  libvirt-daemon-config-network   9.0.0-4
ii  libvirt-daemon-config-nwfilter  9.0.0-4
ii  libvirt-daemon-system-systemd   9.0.0-4
ii  logrotate                       3.21.0-1
ii  polkitd                         122-3

Versions of packages libvirt-daemon-system recommends:
ii  dmidecode                    3.4-1
ii  dnsmasq-base [dnsmasq-base]  2.89-1
ii  iproute2                     6.1.0-3
ii  mdevctl                      1.2.0-3+b1
ii  parted                       3.5-3

Versions of packages libvirt-daemon-system suggests:
ii  apparmor    3.0.8-3
pn  auditd      <none>
pn  nfs-common  <none>
pn  open-iscsi  <none>
pn  pm-utils    <none>
ii  systemd     252.17-1~deb12u1
pn  systemtap   <none>
pn  zfsutils    <none>

-- Configuration Files:
/etc/default/libvirt-guests changed [not included]
/etc/libvirt/qemu.conf [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'

-- debconf information excluded

Reply via email to