From 1c442eebc8fe005af453bd610e750a1919a2b3ed Mon Sep 17 00:00:00 2001
From: Andrea Frittoli <andrea.frittoli@gmail.com>
Date: Wed, 30 Nov 2016 20:44:44 +0000
Subject: [PATCH] Fix libguestfs on Ubuntu

libguestfs does not work on ubuntu because the kernel is not
world readable. This breaks file injection with libvirt.
See https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725
for more details.

The workaround proposed by Ubuntu is to relax the kernel ACL
if needed, so we need to do that in case file injection is
enabled on an Ubuntu host running libvirt.

Partial-bug: #1646002
Change-Id: I405793b9e145308e51a08710d8e5df720aec6fde
---
 lib/nova_plugins/hypervisor-libvirt | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/nova_plugins/hypervisor-libvirt b/lib/nova_plugins/hypervisor-libvirt
index 167ab6f2e7..f3c8add696 100644
--- a/lib/nova_plugins/hypervisor-libvirt
+++ b/lib/nova_plugins/hypervisor-libvirt
@@ -105,6 +105,16 @@ function install_nova_hypervisor {
     if [[ "$ENABLE_FILE_INJECTION" == "True" ]] ; then
         if is_ubuntu; then
             install_package python-guestfs
+            # NOTE(andreaf) Ubuntu kernel can only be read by root, which breaks libguestfs:
+            # https://bugs.launchpad.net/ubuntu/+source/linux/+bug/759725)
+            INSTALLED_KERNELS="$(ls /boot/vmlinuz-*)"
+            for kernel in $INSTALLED_KERNELS; do
+                STAT_OVERRIDE="root root 644 ${kernel}"
+                # unstack won't remove the statoverride, so make this idempotent
+                if [[ ! $(dpkg-statoverride --list | grep "$STAT_OVERRIDE") ]]; then
+                    sudo dpkg-statoverride --add --update $STAT_OVERRIDE
+                fi
+            done
         elif is_fedora || is_suse; then
             install_package python-libguestfs
         fi