virGetGroupList: always include the primary group

otherwise we're lacking the group to access /dev/kvm

virGetGroupList: always include the primary group
13085423 · Guido Günther · 90a18817 · 13085423 · 13085423
Commit 13085423 authored 11 years ago by Guido Günther
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -10,3 +10,4 @@ Don-t-fail-if-we-can-t-setup-avahi.patch
 Reduce-udevadm-settle-timeout-to-10-seconds.patch
 debian/Debianize-systemd-service-files.patch
 Allow-xen-toolstack-to-find-it-s-binaries.patch
+virGetGroupList-always-include-the-primary-group.patch
--- a/debian/patches/virGetGroupList-always-include-the-primary-group.patch
+++ b/debian/patches/virGetGroupList-always-include-the-primary-group.patch
+From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Mon, 5 Aug 2013 11:07:27 +0200
+Subject: virGetGroupList: always include the primary group
+
+The change from initgroups to virGetGroupList/setgroups in
+cab36cfe71ba83b71e536ba5c98e596f02b697b0 dropped the primary group from
+processes group list iff the passed in group to virGetGroupList differs
+from the user's primary group.
+
+So always include the primary group to bring back the old behaviour.
+
+Debian has the kvm group as primary group but uses
+libvirt-qemu:libvirt-qemu as user:group to run the kvm process so
+without this change the /dev/kvm is inaccesible.
+---
+ src/util/virutil.c | 30 +++++++++++++++++++++---------
+ 1 file changed, 21 insertions(+), 9 deletions(-)
+
+diff --git a/src/util/virutil.c b/src/util/virutil.c
+index 328e36e..247db14 100644
+--- a/src/util/virutil.c
+++ b/src/util/virutil.c
+@@ -972,29 +972,41 @@ virGetGroupID(const char *group, gid_t *gid)
+ }
+ 
+ 
+-/* Compute the list of supplementary groups associated with @uid, and
+- * including @gid in the list (unless it is -1), storing a malloc'd
+- * result into @list.  Return the size of the list on success, or -1
+- * on failure with error reported and errno set. May not be called
+- * between fork and exec. */
+/* Compute the list of groups (primary and supplemental) associated
+ * with @uid, and including @gid in the list (unless it is -1), storing
+ * a malloc'd result into @list.  Return the size of the list on
+ * success, or -1 on failure with error reported and errno set. May not
+ * be called between fork and exec. */
+ int
+ virGetGroupList(uid_t uid, gid_t gid, gid_t **list)
+ {
+     int ret = -1;
+     char *user = NULL;
+    gid_t primary;
+ 
+     *list = NULL;
+     if (uid == (uid_t)-1)
+         return 0;
+ 
+-    if (virGetUserEnt(uid, &user,
+-                      gid == (gid_t)-1 ? &gid : NULL, NULL) < 0)
+    if (virGetUserEnt(uid, &user, &primary, NULL) < 0)
+         return -1;
+ 
+-    ret = mgetgroups(user, gid, list);
+-    if (ret < 0)
+    ret = mgetgroups(user, primary, list);
+    if (ret < 0) {
+         virReportSystemError(errno,
+                              _("cannot get group list for '%s'"), user);
+        goto cleanup;
+    }
+
+    if (gid != (gid_t)-1) {
+        if (VIR_REALLOC_N(*list, ++ret) < 0) {
+            VIR_FREE(*list);
+            goto cleanup;
+        }
+        (*list)[ret-1] = gid;
+    }
+
+cleanup:
+     VIR_FREE(user);
+     return ret;
+ }