** Description changed: + [Impact] + + * Due to the difference in auth mechanisms between Debian (polkit) + and Ubuntu (group based) libvirt-dbus does not work as-is in + Ubuntu. + + * Users would need to manually add a user to a group, but we + should make the default install experience work. + + [Test Case] + + # should install fine + $ sudo apt-get install libvirt-dbus + # should be avail due to dependencies and look normal (as shown here) + $ ls -l /var/run/libvirt/libvirt-sock + srw-rw---- 1 root libvirt 0 Oct 5 05:50 /var/run/libvirt/libvirt-sock + # should be part of the "libvirt" group + $ id libvirtdbus + uid=997(libvirtdbus) gid=997(libvirtdbus) groups=997(libvirtdbus),122(libvirt) + # call should work + $ busctl call org.libvirt /org/libvirt/QEMU org.libvirt.Connect ListDomains u 0 + + bad: + Call failed: Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied + good: + ao 0 + + [Regression Potential] + + * The change only does the group add, no regression expected except a + potential security issue. That was brought up and signed off by + security in comment #13 => + https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1802005/comments/13 + + [Other Info] + + * The package also was an FTBFS which this upload fixes as well. + That change is only to the build-time self tests, so again no change to + the runtime behavior due to the changes. + This FTFBS is only present with newer libvirt, and therefore the Focal + SRU will only have the permissions change, but depending on timing the + groovy upload might become a zero day SRU hence I wanted to mention. + + + ---- + + Package: libvirt-dbus Version: 1.2.0-1 DistroRelease: Ubuntu 18.10 libvirt-dbus seems to be completely broken for the system connection: root:~# busctl call org.libvirt /org/libvirt/QEMU org.libvirt.Connect ListDomains u 0 Failed to connect socket to '/var/run/libvirt/libvirt-sock': Permission denied root:~# ls -l /var/run/libvirt/libvirt-sock srwxrwx--- 1 root libvirt 0 Nov 6 15:15 /var/run/libvirt/libvirt-sock root:~# ps aux|grep libvirtd root 1434 0.0 3.4 1038028 35212 ? Ssl 15:15 0:00 /usr/sbin/libvirtd The same happens for a user that is in the "libvirt" group. On Fedora and also Debian testing (which has the exact same libvirt-dbus package), the socket has permissions 777 instead of 770, where it works. I don't have an idea where the wrong permissions are set.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1802005 Title: socket is inaccessible for libvirt-dbus To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1802005/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
