From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=pass (p=quarantine dis=none) header.from=redhat.com Authentication-Results: passt.top; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=dwa6kYLY; dkim-atps=neutral Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by passt.top (Postfix) with ESMTPS id 86F5A5A0275 for ; Thu, 25 Sep 2025 12:54:48 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1758797687; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Mu2bJopCH2mCPm2NMI00CK0b7X6QvNke3kTmz8Fqyoo=; b=dwa6kYLYZQY+93Y9ePru9G7SKH+ZuCzCi5hp+G/F3+2sEw9bFAXfgv4nMmi/LOu0TfLoal FBf3TO6GuUZZIee8tNnCvEKgNDS0BHk/Dh7d0z2hMDbA5QqjnCkIsKkaAhTFlEIJfMhnj6 jGCg2yLcPuBcu0Cqx90NmvM6KX5lGKw= Received: from mail-wm1-f69.google.com (mail-wm1-f69.google.com [209.85.128.69]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-58-_ADWvDbLPzGCToKCsQzc1g-1; Thu, 25 Sep 2025 06:54:46 -0400 X-MC-Unique: _ADWvDbLPzGCToKCsQzc1g-1 X-Mimecast-MFC-AGG-ID: _ADWvDbLPzGCToKCsQzc1g_1758797685 Received: by mail-wm1-f69.google.com with SMTP id 5b1f17b1804b1-45e05ff0b36so8849035e9.0 for ; Thu, 25 Sep 2025 03:54:46 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1758797685; x=1759402485; h=content-transfer-encoding:mime-version:organization:references :in-reply-to:message-id:subject:cc:to:from:date:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=Mu2bJopCH2mCPm2NMI00CK0b7X6QvNke3kTmz8Fqyoo=; b=jhJSgmX2wA8M7XH1WrlB0j6uxR5DxKkSzalSta2NgRJ+uIIckJOqybucFeaVRVxYWI rF8Bs4o1trmaQWnbzTSPBNRdkBm1WgoukJGKC/t6xL7HlN9chT4wsbHlPiUk8Ae7m3w1 zEcdlhGeHIdg+FUtNNjGoduHdRoX+ligUioOK9KgK8ZLoWddxXgvtSN0MpsGY8Yb3qrm H2t6hPNrpJ8KeJS1Bf3JT5DvrqD/S1xjPzwm5k9g7rM1bCpRFT4oNWcTvjI4l4tTx4mk V4SDESo1A1GByTUBY3oN3wrb6FoUYzgi8B86mNYxrI0GFhpQ9wW7f0yk0QQnQsVjOnfb +Pqw== X-Forwarded-Encrypted: i=1; AJvYcCVUW6JCOw9tCO36TsaFHdGNs1F1h5oHixdore5PCJERoJqomk50AYG/odRoOMI6UxH66RuVLYEZsZc=@passt.top X-Gm-Message-State: AOJu0YyHg3KdBHprOg5JBxiTEZjTxXqQimPEsl5ew8GIMVS2E1LsDEie 7nI2xEAee2I40PYrwSMtOTinoJ+vauNR3x1DVyENERmghAwmPJOpjvi0lYEekMWiw+vhlPOUGVQ 9+9IBOF6jBVL2PbANp11yfzxcI9f2oZDwelEuuBm9aXaj7o/0XP5leQ== X-Gm-Gg: ASbGncs/vya998SBuMA+JoYnZXTKWDZTJLWl7y69BY6CZiD86Li/vaBye8Ez69633g0 w0Wo/Zloue4nnzHRthbAFEJQplY6E94bkyZCvbfjeKe3H9GVMab2C95z1QD0Cx4DcxbczzwXSc6 Il7neT4BR93NX4GXQbEsmkTsqp1JgkXOFNf2IFih6yL0lJylpeV64gXcx4CmB/dOOPIe/QhWhtZ 1heSdNRUP3n1N25vfebmxsbsKpnlevSoSVGJlyrcj5Kpm9pGx8/i09wyQU2MEiFvhmy7wDzufkV 79gIBn6LZuEJfNbsLe3jlxxyMswEEHZs91Wbh2V5jA3GiWUIjlI= X-Received: by 2002:a05:600c:620c:b0:45d:e775:d8b8 with SMTP id 5b1f17b1804b1-46e33c297d7mr22233435e9.1.1758797684884; Thu, 25 Sep 2025 03:54:44 -0700 (PDT) X-Google-Smtp-Source: AGHT+IFb87jMjKmAfpMJzzQxMO+TsD3WEeNdd3SNpGglOlAkRaCEbDsl4VPAvyqMaP0TWBVn8FwpXA== X-Received: by 2002:a05:600c:620c:b0:45d:e775:d8b8 with SMTP id 5b1f17b1804b1-46e33c297d7mr22233125e9.1.1758797684310; Thu, 25 Sep 2025 03:54:44 -0700 (PDT) Received: from maya.myfinge.rs (ifcgrfdd.trafficplex.cloud. [2a10:fc81:a806:d6a9::1]) by smtp.gmail.com with ESMTPSA id 5b1f17b1804b1-46e2ab48c28sm71858465e9.18.2025.09.25.03.54.43 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 25 Sep 2025 03:54:43 -0700 (PDT) Date: Thu, 25 Sep 2025 12:54:42 +0200 From: Stefano Brivio To: "Richard W.M. Jones" Subject: Re: [PATCH] test: fix 'make assets' failure as root Message-ID: <20250925125442.1ef9c803@elisabeth> In-Reply-To: <20250925102749.GY1460@redhat.com> References: <20250925054306.15964-1-yuhuang@redhat.com> <20250925085305.GW1460@redhat.com> <20250925114025.14ea1815@elisabeth> <20250925102749.GY1460@redhat.com> Organization: Red Hat X-Mailer: Claws Mail 4.2.0 (GTK 3.24.49; x86_64-pc-linux-gnu) MIME-Version: 1.0 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: O3BTsEGfVqcr9_QKHHz8htN09ClJ6nLHWWhyUAQ_RLc_1758797685 X-Mimecast-Originator: redhat.com Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-ID-Hash: D4TSJQ4W6MRNUTAXIWEDOB2V4OR7DJ5S X-Message-ID-Hash: D4TSJQ4W6MRNUTAXIWEDOB2V4OR7DJ5S X-MailFrom: sbrivio@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: Yumei Huang , passt-dev@passt.top, david@gibson.dropbear.id.au, berrange@redhat.com X-Mailman-Version: 3.3.8 Precedence: list List-Id: Development discussion and patches for passt Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: On Thu, 25 Sep 2025 11:27:49 +0100 "Richard W.M. Jones" wrote: > On Thu, Sep 25, 2025 at 11:40:25AM +0200, Stefano Brivio wrote: > > On Thu, 25 Sep 2025 09:53:06 +0100 > > "Richard W.M. Jones" wrote: > > > > > On Thu, Sep 25, 2025 at 01:43:06PM +0800, Yumei Huang wrote: > > > > Running `make assets` under `test` as root fails with a "Permission denied" > > > > error when `prepare-distro-img.sh` invokes `virt-edit` and `guestfish`. This > > > > is due to a known bug in libvirt. > > > > > > > > Work around the issue by switching to the direct backend. > > > > > > > > Signed-off-by: Yumei Huang > > > > --- > > > > test/prepare-distro-img.sh | 2 ++ > > > > 1 file changed, 2 insertions(+) > > > > > > > > diff --git a/test/prepare-distro-img.sh b/test/prepare-distro-img.sh > > > > index 0d967c9..423eea7 100755 > > > > --- a/test/prepare-distro-img.sh > > > > +++ b/test/prepare-distro-img.sh > > > > @@ -3,6 +3,8 @@ > > > > IMG="$1" > > > > PASST_FILES="$(echo ../*.c ../*.h ../*.sh ../*.1 ../Makefile ../README.md)" > > > > > > > > +export LIBGUESTFS_BACKEND=direct > > > > > > Please add a comment that this is only added as a temporary hack until > > > we can get a proper fix (in libguestfs possibly, see Dan's earlier > > > email). > > > > On the other hand, regardless of that fix, I would be happy to be run > > this on single-user Alpine L1 guests, eventually, where libguestfs > > doesn't depend on libvirt (see my caveat 2.), and I usually reserve > > very little disk space for those. > > The upstream default is backend 'direct'. In Fedora & RHEL we > override this with 'libvirt': > > https://src.fedoraproject.org/rpms/libguestfs/blob/rawhide/f/libguestfs.spec#_714 Ah, sorry, I had no idea! > I don't know what Alpine does, but likely it leaves it at the default. > (You can try: `guestfish get-backend`) Yes, this is guestfs-tools and libguestfs 1.56.1-r0 on Alpine: # guestfish get-backend direct Same on any modern Debian, openSUSE, Ubuntu. > > If you don't have compelling reasons (like you're dropping > > LIBGUESTFS_BACKEND=direct in two weeks), I would simply keep this as > > long as it works. The day you drop that, we'll drop this too. > > We're not dropping the environment variable / feature ever. The > problem is that this was cargo-culted into a lot of code over the > years, and it does reduce the security of libguestfs on RHEL. We're > having an (ongoing) battle to remove this cargo-culting from CNV right > now. I'm just not keen to add this line in new places, without at > least a comment saying this is a temporary hack, and not generally > recommended. Oh, I see, that makes sense. But then, Yumei, we should also add to that comment (sorry, this is becoming much more complicated than I thought...) that the workaround is for Fedora and related distributions. -- Stefao