Browse code
Fix libguestfs on Ubuntu
libguestfs does not work on ubuntu because the kernel is not
world readable. This breaks file injection with libvirt.
See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725
for more details.
The workaround proposed by Ubuntu is to relax the kernel ACL
if needed, so we need to do that in case file injection is
enabled on an Ubuntu host running libvirt.
Partial-bug: #1646002
Change-Id: I405793b9e145308e51a08710d8e5df720aec6fde
Andrea Frittoli authored on 2016/12/01 05:44:44Showing 1 changed files
| ... | ... |
@@ -105,6 +105,16 @@ function install_nova_hypervisor {
|
| 105 | 105 |
if [[ "$ENABLE_FILE_INJECTION" == "True" ]] ; then |
| 106 | 106 |
if is_ubuntu; then |
| 107 | 107 |
install_package python-guestfs |
| 108 |
+ # NOTE(andreaf) Ubuntu kernel can only be read by root, which breaks libguestfs: |
|
| 109 |
+ # https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725) |
|
| 110 |
+ INSTALLED_KERNELS="$(ls /boot/vmlinuz-*)" |
|
| 111 |
+ for kernel in $INSTALLED_KERNELS; do |
|
| 112 |
+ STAT_OVERRIDE="root root 644 ${kernel}"
|
|
| 113 |
+ # unstack won't remove the statoverride, so make this idempotent |
|
| 114 |
+ if [[ ! $(dpkg-statoverride --list | grep "$STAT_OVERRIDE") ]]; then |
|
| 115 |
+ sudo dpkg-statoverride --add --update $STAT_OVERRIDE |
|
| 116 |
+ fi |
|
| 117 |
+ done |
|
| 108 | 118 |
elif is_fedora || is_suse; then |
| 109 | 119 |
install_package python-libguestfs |
| 110 | 120 |
fi |