Fix libguestfs on Ubuntu

libguestfs does not work on ubuntu because the kernel is not world readable. This breaks file injection with libvirt. See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725 for more details. The workaround proposed by Ubuntu is to relax the kernel ACL if needed, so we need to do that in case file injection is enabled on an Ubuntu host running libvirt. Partial-bug: #1646002 Change-Id: I405793b9e145308e51a08710d8e5df720aec6fde (cherry picked from commit 1c442eebc8)
2016-11-30 20:44:44 +00:00 · 2016-11-30 20:44:44 +00:00 · 5d76eaf937
parent a0186f08fe
commit 5d76eaf937
1 changed files with 10 additions and 0 deletions
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@ -105,6 +105,16 @@ function install_nova_hypervisor {
    if [[ "$ENABLE_FILE_INJECTION" == "True" ]] ; then
        if is_ubuntu; then
            install_package python-guestfs
+            # NOTE(andreaf) Ubuntu kernel can only be read by root, which breaks libguestfs:
+            # https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725)
+            INSTALLED_KERNELS="$(ls /boot/vmlinuz-*)"
+            for kernel in $INSTALLED_KERNELS; do
+                STAT_OVERRIDE="root root 644 ${kernel}"
+                # unstack won't remove the statoverride, so make this idempotent
+                if [[ ! $(dpkg-statoverride --list | grep "$STAT_OVERRIDE") ]]; then
+                    sudo dpkg-statoverride --add --update $STAT_OVERRIDE
+                fi
+            done
        elif is_fedora || is_suse; then
            install_package python-libguestfs
        fi