qemu: Add sysusers config file for qemu & kvm user/groups

Install a systemd sysusers config file for the qemu & kvm user/groups.

We can not use the sysusers_create_compat macro in the RPM specfile to
create those users as we want to keep the specfile standalone and not
relying on additionnal files.

Update the specfile to make the commands closer to what is generated by
the current macro.

See: https://src.fedoraproject.org/rpms/libvirt/pull-request/22
See: https://gitlab.com/libvirt/libvirt/-/merge_requests/319
See: https://bugzilla.redhat.com/show_bug.cgi?id=2095429
See: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/

Based on previous work by: Peter Krempa <pkrempa@redhat.com>
Signed-off-by: Timothée Ravier <tim@siosm.fr>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>

diff --git a/libvirt.spec.in b/libvirt.spec.in
index 8413e3c19a5b4fdf06324689e15e32862dc5c0f5..a411ac651513e4966e592ce6dac96239dabe49f1 100644 (file)
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -1473,6 +1473,7 @@ chmod 600 $RPM_BUILD_ROOT%{_sysconfdir}/libvirt/nwfilter/*.xml
     %if ! %{with_qemu}
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/libvirtd_qemu.aug
 rm -f $RPM_BUILD_ROOT%{_datadir}/augeas/lenses/tests/test_libvirtd_qemu.aug
+rm -f $RPM_BUILD_ROOT%{_sysusersdir}/libvirt-qemu.conf
     %endif
 %find_lang %{name}
 
@@ -1834,16 +1835,19 @@ exit 0
 %pre daemon-driver-qemu
 %libvirt_sysconfig_pre virtqemud
 %libvirt_systemd_unix_pre virtqemud
+
 # We want soft static allocation of well-known ids, as disk images
-# are commonly shared across NFS mounts by id rather than name; see
-# https://fedoraproject.org/wiki/Packaging:UsersAndGroups
-getent group kvm >/dev/null || groupadd -f -g 36 -r kvm
-getent group qemu >/dev/null || groupadd -f -g 107 -r qemu
-if ! getent passwd qemu >/dev/null; then
-  if ! getent passwd 107 >/dev/null; then
-    useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+# are commonly shared across NFS mounts by id rather than name.
+# See https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/
+# We can not use the sysusers_create_compat macro here as we want to keep the
+# specfile standalone and not relying on additionnal files.
+getent group 'kvm' >/dev/null || groupadd -f -g '36' -r 'kvm' || :
+getent group 'qemu' >/dev/null || groupadd -f -g '107' -r 'qemu' || :
+if ! getent passwd 'qemu' >/dev/null; then
+  if ! getent passwd '107' >/dev/null; then
+    useradd -r -u '107' -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || :
   else
-    useradd -r -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
+    useradd -r -g 'qemu' -G 'kvm' -d '/' -s '/sbin/nologin' -c 'qemu user' 'qemu' || :
   fi
 fi
 exit 0
@@ -2246,6 +2250,7 @@ exit 0
 %{_bindir}/virt-qemu-run
 %{_mandir}/man1/virt-qemu-run.1*
 %{_mandir}/man8/virtqemud.8*
+%{_sysusersdir}/libvirt-qemu.conf
     %endif
 
     %if %{with_lxc}

diff --git a/src/qemu/libvirt-qemu.sysusers.conf b/src/qemu/libvirt-qemu.sysusers.conf
new file mode 100644 (file)
index 0000000..3189191
--- /dev/null
+++ b/src/qemu/libvirt-qemu.sysusers.conf
@@ -0,0 +1,4 @@
+g kvm 36
+g qemu 107
+u qemu 107:qemu "qemu user" - -
+m qemu kvm

diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index 4c3e1dee78dad547dfa579b7e28f477a0e080b0e..7a0e908a669be086e12023b3ee1a2bc075b91e22 100644 (file)
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -160,6 +160,13 @@ if conf.has('WITH_QEMU')
     configuration: qemu_user_group_hack_conf,
   )
 
+  # Install the sysuser config for the qemu driver
+  install_data(
+    'libvirt-qemu.sysusers.conf',
+    install_dir: prefix / 'lib' / 'sysusers.d',
+    rename: [ 'libvirt-qemu.conf' ],
+  )
+
   virt_conf_files += qemu_conf
   virt_aug_files += files('libvirtd_qemu.aug')
   virt_test_aug_files += {