Re: [PATCH] test: fix 'make assets' failure as root

25 Sep 2025

On Thu, 25 Sep 2025 11:27:49 +0100
"Richard W.M. Jones"  wrote:
...
On Thu, Sep 25, 2025 at 11:40:25AM +0200, Stefano Brivio wrote:
...
On Thu, 25 Sep 2025 09:53:06 +0100
"Richard W.M. Jones"  wrote:
...
On Thu, Sep 25, 2025 at 01:43:06PM +0800, Yumei Huang wrote:
...
Running `make assets` under `test` as root fails with a "Permission denied"
error when `prepare-distro-img.sh` invokes `virt-edit` and `guestfish`. This
is due to a known bug in libvirt.
Work around the issue by switching to the direct backend.
Signed-off-by: Yumei Huang 
---
 test/prepare-distro-img.sh | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/test/prepare-distro-img.sh b/test/prepare-distro-img.sh
index 0d967c9..423eea7 100755
--- a/test/prepare-distro-img.sh
+++ b/test/prepare-distro-img.sh
@@ -3,6 +3,8 @@
 IMG="$1"
 PASST_FILES="$(echo ../*.c ../*.h ../*.sh ../*.1 ../Makefile ../README.md)"
+export LIBGUESTFS_BACKEND=direct
Please add a comment that this is only added as a temporary hack until
we can get a proper fix (in libguestfs possibly, see Dan's earlier
email).
On the other hand, regardless of that fix, I would be happy to be run
this on single-user Alpine L1 guests, eventually, where libguestfs
doesn't depend on libvirt (see my caveat 2.), and I usually reserve
very little disk space for those.
The upstream default is backend 'direct'.  In Fedora & RHEL we
override this with 'libvirt':
https://src.fedoraproject.org/rpms/libguestfs/blob/rawhide/f/libguestfs.spec...
Ah, sorry, I had no idea!
...
I don't know what Alpine does, but likely it leaves it at the default.
(You can try: `guestfish get-backend`)
Yes, this is guestfs-tools and libguestfs 1.56.1-r0 on Alpine:

  # guestfish get-backend
  direct

Same on any modern Debian, openSUSE, Ubuntu.
...
...
If you don't have compelling reasons (like you're dropping
LIBGUESTFS_BACKEND=direct in two weeks), I would simply keep this as
long as it works. The day you drop that, we'll drop this too.
We're not dropping the environment variable / feature ever.  The
problem is that this was cargo-culted into a lot of code over the
years, and it does reduce the security of libguestfs on RHEL.  We're
having an (ongoing) battle to remove this cargo-culting from CNV right
now.  I'm just not keen to add this line in new places, without at
least a comment saying this is a temporary hack, and not generally
recommended.
Oh, I see, that makes sense.

But then, Yumei, we should also add to that comment (sorry, this is
becoming much more complicated than I thought...) that the workaround
is for Fedora and related distributions.

-- 
Stefao

    