* [PATCH] test: fix 'make assets' failure as root
@ 2025-09-25 5:43 Yumei Huang
2025-09-25 6:25 ` David Gibson
2025-09-25 8:53 ` Richard W.M. Jones
0 siblings, 2 replies; 7+ messages in thread
From: Yumei Huang @ 2025-09-25 5:43 UTC (permalink / raw)
To: passt-dev, sbrivio; +Cc: david, yuhuang, rjones, berrange
Running `make assets` under `test` as root fails with a "Permission denied"
error when `prepare-distro-img.sh` invokes `virt-edit` and `guestfish`. This
is due to a known bug in libvirt.
Work around the issue by switching to the direct backend.
Signed-off-by: Yumei Huang <yuhuang@redhat.com>
---
test/prepare-distro-img.sh | 2 ++
1 file changed, 2 insertions(+)
diff --git a/test/prepare-distro-img.sh b/test/prepare-distro-img.sh
index 0d967c9..423eea7 100755
--- a/test/prepare-distro-img.sh
+++ b/test/prepare-distro-img.sh
@@ -3,6 +3,8 @@
IMG="$1"
PASST_FILES="$(echo ../*.c ../*.h ../*.sh ../*.1 ../Makefile ../README.md)"
+export LIBGUESTFS_BACKEND=direct
+
virt-edit -a $IMG /lib/systemd/system/serial-getty@.service -e 's/ExecStart=.*/ExecStart=\/sbin\/agetty --autologin root -8 --keep-baud 115200,38400,9600 %I $TERM/g'
guestfish --rw -a $IMG -i <<EOF
--
2.47.0
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] test: fix 'make assets' failure as root
2025-09-25 5:43 [PATCH] test: fix 'make assets' failure as root Yumei Huang
@ 2025-09-25 6:25 ` David Gibson
2025-09-25 8:53 ` Richard W.M. Jones
1 sibling, 0 replies; 7+ messages in thread
From: David Gibson @ 2025-09-25 6:25 UTC (permalink / raw)
To: Yumei Huang; +Cc: passt-dev, sbrivio, rjones, berrange
[-- Attachment #1: Type: text/plain, Size: 1408 bytes --]
On Thu, Sep 25, 2025 at 01:43:06PM +0800, Yumei Huang wrote:
> Running `make assets` under `test` as root fails with a "Permission denied"
> error when `prepare-distro-img.sh` invokes `virt-edit` and `guestfish`. This
> is due to a known bug in libvirt.
>
> Work around the issue by switching to the direct backend.
>
> Signed-off-by: Yumei Huang <yuhuang@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
The libvirt & libguestfs people don't particularly like this approach,
but I think it's reasonable for our needs.
> ---
> test/prepare-distro-img.sh | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/test/prepare-distro-img.sh b/test/prepare-distro-img.sh
> index 0d967c9..423eea7 100755
> --- a/test/prepare-distro-img.sh
> +++ b/test/prepare-distro-img.sh
> @@ -3,6 +3,8 @@
> IMG="$1"
> PASST_FILES="$(echo ../*.c ../*.h ../*.sh ../*.1 ../Makefile ../README.md)"
>
> +export LIBGUESTFS_BACKEND=direct
> +
> virt-edit -a $IMG /lib/systemd/system/serial-getty@.service -e 's/ExecStart=.*/ExecStart=\/sbin\/agetty --autologin root -8 --keep-baud 115200,38400,9600 %I $TERM/g'
>
> guestfish --rw -a $IMG -i <<EOF
> --
> 2.47.0
>
--
David Gibson (he or they) | I'll have my music baroque, and my code
david AT gibson.dropbear.id.au | minimalist, thank you, not the other way
| around.
http://www.ozlabs.org/~dgibson
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] test: fix 'make assets' failure as root
2025-09-25 5:43 [PATCH] test: fix 'make assets' failure as root Yumei Huang
2025-09-25 6:25 ` David Gibson
@ 2025-09-25 8:53 ` Richard W.M. Jones
2025-09-25 9:40 ` Stefano Brivio
1 sibling, 1 reply; 7+ messages in thread
From: Richard W.M. Jones @ 2025-09-25 8:53 UTC (permalink / raw)
To: Yumei Huang; +Cc: passt-dev, sbrivio, david, berrange
On Thu, Sep 25, 2025 at 01:43:06PM +0800, Yumei Huang wrote:
> Running `make assets` under `test` as root fails with a "Permission denied"
> error when `prepare-distro-img.sh` invokes `virt-edit` and `guestfish`. This
> is due to a known bug in libvirt.
>
> Work around the issue by switching to the direct backend.
>
> Signed-off-by: Yumei Huang <yuhuang@redhat.com>
> ---
> test/prepare-distro-img.sh | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/test/prepare-distro-img.sh b/test/prepare-distro-img.sh
> index 0d967c9..423eea7 100755
> --- a/test/prepare-distro-img.sh
> +++ b/test/prepare-distro-img.sh
> @@ -3,6 +3,8 @@
> IMG="$1"
> PASST_FILES="$(echo ../*.c ../*.h ../*.sh ../*.1 ../Makefile ../README.md)"
>
> +export LIBGUESTFS_BACKEND=direct
Please add a comment that this is only added as a temporary hack until
we can get a proper fix (in libguestfs possibly, see Dan's earlier
email).
Rich.
> virt-edit -a $IMG /lib/systemd/system/serial-getty@.service -e 's/ExecStart=.*/ExecStart=\/sbin\/agetty --autologin root -8 --keep-baud 115200,38400,9600 %I $TERM/g'
>
> guestfish --rw -a $IMG -i <<EOF
> --
> 2.47.0
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] test: fix 'make assets' failure as root
2025-09-25 8:53 ` Richard W.M. Jones
@ 2025-09-25 9:40 ` Stefano Brivio
2025-09-25 10:27 ` Richard W.M. Jones
0 siblings, 1 reply; 7+ messages in thread
From: Stefano Brivio @ 2025-09-25 9:40 UTC (permalink / raw)
To: Richard W.M. Jones; +Cc: Yumei Huang, passt-dev, david, berrange
On Thu, 25 Sep 2025 09:53:06 +0100
"Richard W.M. Jones" <rjones@redhat.com> wrote:
> On Thu, Sep 25, 2025 at 01:43:06PM +0800, Yumei Huang wrote:
> > Running `make assets` under `test` as root fails with a "Permission denied"
> > error when `prepare-distro-img.sh` invokes `virt-edit` and `guestfish`. This
> > is due to a known bug in libvirt.
> >
> > Work around the issue by switching to the direct backend.
> >
> > Signed-off-by: Yumei Huang <yuhuang@redhat.com>
> > ---
> > test/prepare-distro-img.sh | 2 ++
> > 1 file changed, 2 insertions(+)
> >
> > diff --git a/test/prepare-distro-img.sh b/test/prepare-distro-img.sh
> > index 0d967c9..423eea7 100755
> > --- a/test/prepare-distro-img.sh
> > +++ b/test/prepare-distro-img.sh
> > @@ -3,6 +3,8 @@
> > IMG="$1"
> > PASST_FILES="$(echo ../*.c ../*.h ../*.sh ../*.1 ../Makefile ../README.md)"
> >
> > +export LIBGUESTFS_BACKEND=direct
>
> Please add a comment that this is only added as a temporary hack until
> we can get a proper fix (in libguestfs possibly, see Dan's earlier
> email).
On the other hand, regardless of that fix, I would be happy to be run
this on single-user Alpine L1 guests, eventually, where libguestfs
doesn't depend on libvirt (see my caveat 2.), and I usually reserve
very little disk space for those.
If you don't have compelling reasons (like you're dropping
LIBGUESTFS_BACKEND=direct in two weeks), I would simply keep this as
long as it works. The day you drop that, we'll drop this too.
This part won't be executed as part of automated distribution tests
either, so occasional breakages are really unproblematic.
Do you see any further issue with it?
--
Stefano
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] test: fix 'make assets' failure as root
2025-09-25 9:40 ` Stefano Brivio
@ 2025-09-25 10:27 ` Richard W.M. Jones
2025-09-25 10:54 ` Stefano Brivio
0 siblings, 1 reply; 7+ messages in thread
From: Richard W.M. Jones @ 2025-09-25 10:27 UTC (permalink / raw)
To: Stefano Brivio; +Cc: Yumei Huang, passt-dev, david, berrange
On Thu, Sep 25, 2025 at 11:40:25AM +0200, Stefano Brivio wrote:
> On Thu, 25 Sep 2025 09:53:06 +0100
> "Richard W.M. Jones" <rjones@redhat.com> wrote:
>
> > On Thu, Sep 25, 2025 at 01:43:06PM +0800, Yumei Huang wrote:
> > > Running `make assets` under `test` as root fails with a "Permission denied"
> > > error when `prepare-distro-img.sh` invokes `virt-edit` and `guestfish`. This
> > > is due to a known bug in libvirt.
> > >
> > > Work around the issue by switching to the direct backend.
> > >
> > > Signed-off-by: Yumei Huang <yuhuang@redhat.com>
> > > ---
> > > test/prepare-distro-img.sh | 2 ++
> > > 1 file changed, 2 insertions(+)
> > >
> > > diff --git a/test/prepare-distro-img.sh b/test/prepare-distro-img.sh
> > > index 0d967c9..423eea7 100755
> > > --- a/test/prepare-distro-img.sh
> > > +++ b/test/prepare-distro-img.sh
> > > @@ -3,6 +3,8 @@
> > > IMG="$1"
> > > PASST_FILES="$(echo ../*.c ../*.h ../*.sh ../*.1 ../Makefile ../README.md)"
> > >
> > > +export LIBGUESTFS_BACKEND=direct
> >
> > Please add a comment that this is only added as a temporary hack until
> > we can get a proper fix (in libguestfs possibly, see Dan's earlier
> > email).
>
> On the other hand, regardless of that fix, I would be happy to be run
> this on single-user Alpine L1 guests, eventually, where libguestfs
> doesn't depend on libvirt (see my caveat 2.), and I usually reserve
> very little disk space for those.
The upstream default is backend 'direct'. In Fedora & RHEL we
override this with 'libvirt':
https://src.fedoraproject.org/rpms/libguestfs/blob/rawhide/f/libguestfs.spec#_714
I don't know what Alpine does, but likely it leaves it at the default.
(You can try: `guestfish get-backend`)
> If you don't have compelling reasons (like you're dropping
> LIBGUESTFS_BACKEND=direct in two weeks), I would simply keep this as
> long as it works. The day you drop that, we'll drop this too.
We're not dropping the environment variable / feature ever. The
problem is that this was cargo-culted into a lot of code over the
years, and it does reduce the security of libguestfs on RHEL. We're
having an (ongoing) battle to remove this cargo-culting from CNV right
now. I'm just not keen to add this line in new places, without at
least a comment saying this is a temporary hack, and not generally
recommended.
> This part won't be executed as part of automated distribution tests
> either, so occasional breakages are really unproblematic.
>
> Do you see any further issue with it?
>
> --
> Stefano
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages. http://libguestfs.org
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] test: fix 'make assets' failure as root
2025-09-25 10:27 ` Richard W.M. Jones
@ 2025-09-25 10:54 ` Stefano Brivio
2025-09-26 1:00 ` Yumei Huang
0 siblings, 1 reply; 7+ messages in thread
From: Stefano Brivio @ 2025-09-25 10:54 UTC (permalink / raw)
To: Richard W.M. Jones; +Cc: Yumei Huang, passt-dev, david, berrange
On Thu, 25 Sep 2025 11:27:49 +0100
"Richard W.M. Jones" <rjones@redhat.com> wrote:
> On Thu, Sep 25, 2025 at 11:40:25AM +0200, Stefano Brivio wrote:
> > On Thu, 25 Sep 2025 09:53:06 +0100
> > "Richard W.M. Jones" <rjones@redhat.com> wrote:
> >
> > > On Thu, Sep 25, 2025 at 01:43:06PM +0800, Yumei Huang wrote:
> > > > Running `make assets` under `test` as root fails with a "Permission denied"
> > > > error when `prepare-distro-img.sh` invokes `virt-edit` and `guestfish`. This
> > > > is due to a known bug in libvirt.
> > > >
> > > > Work around the issue by switching to the direct backend.
> > > >
> > > > Signed-off-by: Yumei Huang <yuhuang@redhat.com>
> > > > ---
> > > > test/prepare-distro-img.sh | 2 ++
> > > > 1 file changed, 2 insertions(+)
> > > >
> > > > diff --git a/test/prepare-distro-img.sh b/test/prepare-distro-img.sh
> > > > index 0d967c9..423eea7 100755
> > > > --- a/test/prepare-distro-img.sh
> > > > +++ b/test/prepare-distro-img.sh
> > > > @@ -3,6 +3,8 @@
> > > > IMG="$1"
> > > > PASST_FILES="$(echo ../*.c ../*.h ../*.sh ../*.1 ../Makefile ../README.md)"
> > > >
> > > > +export LIBGUESTFS_BACKEND=direct
> > >
> > > Please add a comment that this is only added as a temporary hack until
> > > we can get a proper fix (in libguestfs possibly, see Dan's earlier
> > > email).
> >
> > On the other hand, regardless of that fix, I would be happy to be run
> > this on single-user Alpine L1 guests, eventually, where libguestfs
> > doesn't depend on libvirt (see my caveat 2.), and I usually reserve
> > very little disk space for those.
>
> The upstream default is backend 'direct'. In Fedora & RHEL we
> override this with 'libvirt':
>
> https://src.fedoraproject.org/rpms/libguestfs/blob/rawhide/f/libguestfs.spec#_714
Ah, sorry, I had no idea!
> I don't know what Alpine does, but likely it leaves it at the default.
> (You can try: `guestfish get-backend`)
Yes, this is guestfs-tools and libguestfs 1.56.1-r0 on Alpine:
# guestfish get-backend
direct
Same on any modern Debian, openSUSE, Ubuntu.
> > If you don't have compelling reasons (like you're dropping
> > LIBGUESTFS_BACKEND=direct in two weeks), I would simply keep this as
> > long as it works. The day you drop that, we'll drop this too.
>
> We're not dropping the environment variable / feature ever. The
> problem is that this was cargo-culted into a lot of code over the
> years, and it does reduce the security of libguestfs on RHEL. We're
> having an (ongoing) battle to remove this cargo-culting from CNV right
> now. I'm just not keen to add this line in new places, without at
> least a comment saying this is a temporary hack, and not generally
> recommended.
Oh, I see, that makes sense.
But then, Yumei, we should also add to that comment (sorry, this is
becoming much more complicated than I thought...) that the workaround
is for Fedora and related distributions.
--
Stefao
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: [PATCH] test: fix 'make assets' failure as root
2025-09-25 10:54 ` Stefano Brivio
@ 2025-09-26 1:00 ` Yumei Huang
0 siblings, 0 replies; 7+ messages in thread
From: Yumei Huang @ 2025-09-26 1:00 UTC (permalink / raw)
To: Stefano Brivio; +Cc: Richard W.M. Jones, passt-dev, david, berrange
On Thu, Sep 25, 2025 at 6:54 PM Stefano Brivio <sbrivio@redhat.com> wrote:
>
> On Thu, 25 Sep 2025 11:27:49 +0100
> "Richard W.M. Jones" <rjones@redhat.com> wrote:
>
> > On Thu, Sep 25, 2025 at 11:40:25AM +0200, Stefano Brivio wrote:
> > > On Thu, 25 Sep 2025 09:53:06 +0100
> > > "Richard W.M. Jones" <rjones@redhat.com> wrote:
> > >
> > > > On Thu, Sep 25, 2025 at 01:43:06PM +0800, Yumei Huang wrote:
> > > > > Running `make assets` under `test` as root fails with a "Permission denied"
> > > > > error when `prepare-distro-img.sh` invokes `virt-edit` and `guestfish`. This
> > > > > is due to a known bug in libvirt.
> > > > >
> > > > > Work around the issue by switching to the direct backend.
> > > > >
> > > > > Signed-off-by: Yumei Huang <yuhuang@redhat.com>
> > > > > ---
> > > > > test/prepare-distro-img.sh | 2 ++
> > > > > 1 file changed, 2 insertions(+)
> > > > >
> > > > > diff --git a/test/prepare-distro-img.sh b/test/prepare-distro-img.sh
> > > > > index 0d967c9..423eea7 100755
> > > > > --- a/test/prepare-distro-img.sh
> > > > > +++ b/test/prepare-distro-img.sh
> > > > > @@ -3,6 +3,8 @@
> > > > > IMG="$1"
> > > > > PASST_FILES="$(echo ../*.c ../*.h ../*.sh ../*.1 ../Makefile ../README.md)"
> > > > >
> > > > > +export LIBGUESTFS_BACKEND=direct
> > > >
> > > > Please add a comment that this is only added as a temporary hack until
> > > > we can get a proper fix (in libguestfs possibly, see Dan's earlier
> > > > email).
> > >
> > > On the other hand, regardless of that fix, I would be happy to be run
> > > this on single-user Alpine L1 guests, eventually, where libguestfs
> > > doesn't depend on libvirt (see my caveat 2.), and I usually reserve
> > > very little disk space for those.
> >
> > The upstream default is backend 'direct'. In Fedora & RHEL we
> > override this with 'libvirt':
> >
> > https://src.fedoraproject.org/rpms/libguestfs/blob/rawhide/f/libguestfs.spec#_714
>
> Ah, sorry, I had no idea!
>
> > I don't know what Alpine does, but likely it leaves it at the default.
> > (You can try: `guestfish get-backend`)
>
> Yes, this is guestfs-tools and libguestfs 1.56.1-r0 on Alpine:
>
> # guestfish get-backend
> direct
>
> Same on any modern Debian, openSUSE, Ubuntu.
>
> > > If you don't have compelling reasons (like you're dropping
> > > LIBGUESTFS_BACKEND=direct in two weeks), I would simply keep this as
> > > long as it works. The day you drop that, we'll drop this too.
> >
> > We're not dropping the environment variable / feature ever. The
> > problem is that this was cargo-culted into a lot of code over the
> > years, and it does reduce the security of libguestfs on RHEL. We're
> > having an (ongoing) battle to remove this cargo-culting from CNV right
> > now. I'm just not keen to add this line in new places, without at
> > least a comment saying this is a temporary hack, and not generally
> > recommended.
>
> Oh, I see, that makes sense.
>
> But then, Yumei, we should also add to that comment (sorry, this is
> becoming much more complicated than I thought...) that the workaround
> is for Fedora and related distributions.
I will update in v2. Thank you all for the comments.
>
> --
> Stefao
>
--
Thanks,
Yumei Huang
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2025-09-26 1:00 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-09-25 5:43 [PATCH] test: fix 'make assets' failure as root Yumei Huang
2025-09-25 6:25 ` David Gibson
2025-09-25 8:53 ` Richard W.M. Jones
2025-09-25 9:40 ` Stefano Brivio
2025-09-25 10:27 ` Richard W.M. Jones
2025-09-25 10:54 ` Stefano Brivio
2025-09-26 1:00 ` Yumei Huang
Code repositories for project(s) associated with this public inbox
https://passt.top/passt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).