** Description changed:
+ [Impact]
+
+ * A rather old bug which could have been solved much sooner. Attr support
+ was disabled way back in time for triggering some test issues. Since
+ then the test issues and also many more rough edges of ATTR support have
+ been fixed.
+
+ * This change shall enable attr support again which allows libvirt to
+ remember and carry ownership information on image files as extended
+ attributes.
+
+ [Test Case]
+
+ * Prepare a guest that you can start/stop e.g. with uvtool-libvirt
+ * Own the image by anything other than root:root
+ * Start the guest (ownership will change to the user the guest runs as)
+ * Stop the guest:
+ - fail: will set root:root to the images effectively stealing them
+ - correct: remembers the old ownership and restores that
+
+ [Regression Potential]
+
+ * This mostly influences DAC control of files, which is exactly what we
+ want to fix. There are a few lifecycle tasks which now also have to
+ carry labels e.g. on any image handling. I don't expect regressions, but
+ this is the place to look out for.
+ * The behavior on File systems unable to XATTR matches that of the
+ formerly disable feature, so on those cases where it has no positive
+ change it will have no change at all.
+
+ [Other Info]
+
+ * Technically we could backport this into all releases, but while I find
+ it right to fix in Focal OTOH Bionic and even more so Xenial really are
+ even "more stable" after their time in the field. Users either have
+ adapted already or even rely/expect the semi-broken behavior. Therefore
+ this is only targetting Focal intentionally.
+
+ * (very) worst case one can set the FS the images are on to "nouser_xattr"
+ as mount option.
+
+
+ ---
+
Natty (and it was also the same on Maverick, IIRC).
When you assign an ISO to a VM, libvirt will take over onwership of the
ISO. This creates problems if the ISO is updated.
For example, I am daily updating the Natty server ISOs, and running
tests on them via KVM (all automated). The ISO updates will fail because
libvirt chowns them.
I see no reason for this: libvirt only needs the ISO as input.
WORKAROUND:
edit /etc/libvirt/qemu.conf, change 'dynamic_ownership = 0', restart
qemu/KVM.
** Also affects: libvirt (Ubuntu Focal)
Importance: Undecided
Status: New
** Changed in: libvirt (Ubuntu Focal)
Importance: Undecided => Medium
** Changed in: libvirt (Ubuntu Focal)
Status: New => Triaged
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/691590
Title:
libvirt restore exactly the old ownership of images
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/691590/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
