From b54420442ef1a4d7a39e4f868a8a8d76e593f510 Mon Sep 17 00:00:00 2001
From: Kuo-tung Kao <jelly.k@inwinstack.com>
Date: Tue, 22 Dec 2015 14:48:24 +0800
Subject: [PATCH] change libvirt sock group to nova

Add `nova` user to nova-libvirt container.
And change libvirt-socket group to nova.

Change-Id: I183c83f4be8b1d7c75d4ac204df7b7e059626aa2
Closes-Bug: #1525583
---
 ansible/roles/nova/templates/libvirtd.conf.j2 | 2 +-
 docker/nova/nova-libvirt/Dockerfile.j2        | 7 +++----
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/ansible/roles/nova/templates/libvirtd.conf.j2 b/ansible/roles/nova/templates/libvirtd.conf.j2
index d7a127a613..93137e798d 100644
--- a/ansible/roles/nova/templates/libvirtd.conf.j2
+++ b/ansible/roles/nova/templates/libvirtd.conf.j2
@@ -4,7 +4,7 @@ ca_file = ""
 log_level = 2
 log_outputs = "2:file:/var/log/libvirt/libvirtd.log"
 listen_addr = "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
-unix_sock_group = "root"
+unix_sock_group = "nova"
 unix_sock_ro_perms = "0777"
 unix_sock_rw_perms = "0770"
 auth_unix_ro = "none"
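Review bot: With `unix_sock_group = "nova"` and `unix_sock_rw_perms = "0770"` left as is, every process in the nova group can open the read-write libvirt socket, and read-write access to libvirtd amounts to root on the hypervisor host. The hunk does not show `auth_unix_rw`; if it is `"none"` like `auth_unix_ro`, group membership is the only gate on that socket. I would document this above the changed line, e.g. `# Members of this group get full read-write control of libvirtd (root-equivalent); keep it to the nova service account.` The read-only socket stays at `unix_sock_ro_perms = "0777"` with no auth, so any local user in the container can still connect to it; `"0770"` would limit it to the same group if nothing else relies on it. The rest of the file lies outside the hunk.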
diff --git a/docker/nova/nova-libvirt/Dockerfile.j2 b/docker/nova/nova-libvirt/Dockerfile.j2
index 341aeb0b03..19f6053ce1 100644
--- a/docker/nova/nova-libvirt/Dockerfile.j2
+++ b/docker/nova/nova-libvirt/Dockerfile.j2
@@ -30,8 +30,7 @@ RUN apt-get install -y --no-install-recommends \
 {% endif %}
 
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start \
+    && useradd --user-group nova
 
-{{ include_footer }}
-
-# TODO(coolsvap/nihilifer): Run libvirt daemon as non-root user.
+{{ include_footer }}
\ No newline at end of file
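Review bot: `useradd --user-group nova` lets the image pick the next free UID/GID, but ownership of the libvirt socket is enforced by numeric GID, not by name. If the socket is shared with another container (presumably nova-compute, not visible here), the nova group there must carry the same number, otherwise the `unix_sock_group = "nova"` change either grants nothing or grants access to whichever group happens to own that number. Pinning the ids makes this deterministic, e.g. `&& groupadd --gid <NOVA_GID> nova && useradd --uid <NOVA_UID> --gid nova nova`, with the placeholder values taken from wherever the other nova images define them. The hunk also drops `# TODO(coolsvap/nihilifer): Run libvirt daemon as non-root user.` although nothing visible here changes the user the daemon runs as; I would keep that TODO until the daemon itself is moved off root.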