From 8f4511a42b9fa9b3f95f470ff9509fbf8dbd8e89 Mon Sep 17 00:00:00 2001 From: Erik Skultety Date: Tue, 23 May 2023 14:39:41 +0200 Subject: install: Create the top-level volumes ourselves with custom permissions Lcitool defaults to creating VMs using libvirt's system connection which has many benefits for developers over plain session connection. Lcitool itself relies on one such benefit being libvirt's NSS module for SSH connections. The problem we're facing with the system connection here is that if not specified, the file storage volume which virt-install creates automatically with libvirt defaults to libvirt's daemon UNIX ownership and its own umask, i.e. 0600 root:root which is a problem if we want to allow automatic template image creations with non-superuser rights. Therefore, we need to create the resulting volume ourselves, along with linking its backing store, and only tell virt-install of its existence. Signed-off-by: Erik Skultety --- lcitool/install/install.py | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/lcitool/install/install.py b/lcitool/install/install.py index 68449e6..a6ef147 100644 --- a/lcitool/install/install.py +++ b/lcitool/install/install.py @@ -4,6 +4,7 @@ import errno import logging +import os import subprocess from pathlib import Path 
@@ -110,6 +111,16 @@ class VirtInstall: conf_size = config.values["install"]["disk_size"] conf_pool = config.values["install"]["storage_pool"] + # To force user/group permissions on the target volume, we have to + # create it ourselves as virt-install doesn't accept file permissions + # or mode for the file-based volumes it creates + libvirt_pool = LibvirtWrapper().pool_by_name(conf_pool) + storage_vol = libvirt_pool.create_volume(runner.name + ".qcow2", + conf_size, units="G", + owner=str(os.getuid()), + group=str(os.getgid()), + backing_store=baseimg_path) + # Dump the edited cloud-init template for virt-install to use ssh_keypair = util.SSHKeyPair(config.values["install"]["ssh_key"]) ssh_pubkey_str = str(ssh_keypair.public_key) @@ -123,12 +134,7 @@ class VirtInstall: fd.write(cloud_config.dump()) runner.args.extend(["--cloud-init", f"user-data={fd.name}"]) - baseimg_path_str = baseimg_path.as_posix() - disk_arg = (f"size={conf_size}," - f"pool={conf_pool}," - f"backing_store={baseimg_path_str}," - f"bus=virtio") - + disk_arg = (f"vol={libvirt_pool.name}/{storage_vol.name},bus=virtio") runner.args.extend(["--import", "--disk", disk_arg]) runner.args.extend(runner._get_common_args(config)) -- cgit v1.1
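Review bot: The volume is created at the top of this hunk, before the SSH key pair is loaded and the cloud-init file is written, and nothing visible here removes it if one of those steps or virt-install itself fails. A failed run would presumably leave the `runner.name + ".qcow2"` volume behind in the pool, owned by the invoking user, and a retry with the same name may then fail at `create_volume`. Moving the `create_volume(...)` call down to directly above the `disk_arg = ...` assignment narrows that window without new code. Cleanup after a failed virt-install would still need handling where the command is run, which is outside the hunk. The call also passes `owner` and `group` but no mode, so the comment could state which file mode the volume is expected to end up with.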
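Review bot: The parentheses around the single f-string in `disk_arg` are left over from the removed multi-line form and can be dropped: `disk_arg = f"vol={libvirt_pool.name}/{storage_vol.name},bus=virtio"`. Because `--disk` takes a comma-separated option string, a pool or volume name containing `,` would be read as further sub-options. The removed `pool={conf_pool}` form had the same property, so this is not new, but validating the names where they are configured would make the assumption explicit.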