CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm instances

This makes sure we don't chown files to groups possibly used by other programs. Closes: #701649

CVE-2013-1766: Use libvirt-qemu as group to run qemu/kvm instances
6270001c · Guido Günther · b1e4d651 · 6270001c · 6270001c · 6270001c
Commit 6270001c authored 12 years ago by Guido Günther
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -56,6 +56,9 @@ Access Control
 Access to the libvirt socket is controlled by membership in the "libvirt" group.
 If you want to manage VMs as non root you need to add a user to that group.

+System QEMU/KVM processes are run as user and group libvirt-qemu. This can be
+adjusted via /etc/libvirt/qemu.conf.
+
 QEMU/KVM: Dropping Capabilties
 ==============================
 Network interfaces of type "ethernet" use a script like /etc/qemu-ifup to set up

--- a/debian/libvirt-bin.NEWS
+++ b/debian/libvirt-bin.NEWS
+libvirt (1.0.2-3) experimental; urgency=low
+
+  For qemu:///system KVM/QEMU processes now run as group libvirt-qemu. This
+  makes sure image files and volumes aren't accessible by users in the more
+  general and previously used kvm group. To change this behaviour adjust the
+  group option in /etc/libvirt/qemu.conf.
+
+ -- Guido Günther <agx@sigxcpu.org>  Tue, 26 Feb 2013 06:30:48 +0100
+
 libvirt (0.8.3-2) unstable; urgency=low

  Disk format probing is disabled now by default for security reasons

--- a/debian/libvirt-bin.postinst
+++ b/debian/libvirt-bin.postinst
@@ -27,6 +27,9 @@ add_users_groups()
    if ! getent group kvm >/dev/null; then
        addgroup --quiet --system kvm
    fi
+    if ! getent group libvirt-qemu >/dev/null; then
+        addgroup --quiet --system libvirt-qemu
+    fi
    if ! getent passwd libvirt-qemu >/dev/null; then
        adduser --quiet \
            --system \
@@ -39,6 +42,7 @@ add_users_groups()
            -gecos "Libvirt Qemu" \
            libvirt-qemu
    fi
+    adduser libvirt-qemu libvirt-qemu
 }



--- a/debian/libvirt-bin.postrm
+++ b/debian/libvirt-bin.postrm
@@ -25,6 +25,14 @@ case "$1" in
    		delgroup libvirt || true
 	fi

+    	if getent user libvirt-qemu >/dev/null; then
+    		deluser libvirt || true
+	fi
+
+    	if getent group libvirt-qemu >/dev/null; then
+    		delgroup libvirt || true
+	fi
+
 	rm -rf /var/log/libvirt
    ;;
    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)

--- a/debian/rules
+++ b/debian/rules
@@ -71,7 +71,7 @@ DEB_CONFIGURE_EXTRA_FLAGS :=     \
 	--disable-rpath          \
 	$(WITH_QEMU)		 \
 	--with-qemu-user=libvirt-qemu  \
-	--with-qemu-group=kvm    \
+	--with-qemu-group=libvirt-qemu \
        $(WITH_OPENVZ)		 \
 	--with-avahi             \
 	--with-sasl              \