From bd52d04d486fafb7b781b3d7ee4eff936a17c53a Mon Sep 17 00:00:00 2001
From: Manuel Bentele
Date: Mon, 8 Feb 2021 10:07:38 +0100
Subject: [libvirt] Add user and groups to run libvirt
---
 core/modules/libvirt/data/addon-init | 78 ++++++++++++++++++++++++++++++++++++
 1 file changed, 78 insertions(+)
diff --git a/core/modules/libvirt/data/addon-init b/core/modules/libvirt/data/addon-init
index 8070d171..034eb22a 100755
--- a/core/modules/libvirt/data/addon-init
+++ b/core/modules/libvirt/data/addon-init
@@ -1,4 +1,82 @@
 #!/bin/ash
+#
+# allocated UID and GID for libvirt-qemu
+#
+LIBVIRT_QEMU_UID=64055
+LIBVIRT_QEMU_GID=64055
+
+#
+# add groups to run libvirt
+#
+if ! getent group libvirt >/dev/null; then
+ addgroup --quiet --system libvirt
+fi
+
+if ! getent group kvm >/dev/null; then
+ addgroup --quiet --system kvm
+fi
+
+#
+# add user and group libvirt runs qemu/kvm instances with
+#
+if ! getent passwd libvirt-qemu >/dev/null; then
+
+ # set uid if available (expected); don't fail otherwise.
+ PARAMETER_UID=''
+ if ! getent passwd $LIBVIRT_QEMU_UID >/dev/null; then
+ PARAMETER_UID="--uid $LIBVIRT_QEMU_UID"
+ fi
+
+ adduser --quiet \
+ --system \
+ --ingroup kvm \
+ --quiet \
+ --disabled-login \
+ --disabled-password \
+ --home /var/lib/libvirt \
+ --no-create-home \
+ --gecos "Libvirt Qemu" \
+ $PARAMETER_UID \
+ libvirt-qemu
+fi
+
+if ! getent group libvirt-qemu >/dev/null; then
+
+ # set gid if available (expected); don't fail otherwise.
+ PARAMETER_GID=''
+ if ! getent group $LIBVIRT_QEMU_GID >/dev/null; then
+ PARAMETER_GID="--gid $LIBVIRT_QEMU_GID"
+ fi
+
+ addgroup --quiet --system $PARAMETER_GID libvirt-qemu
+ adduser --quiet libvirt-qemu libvirt-qemu
+fi
+
+#
+# add each sudo user to the libvirt group
+#
+for u in $(getent group sudo | sed -e "s/^.*://" -e "s/,/ /g"); do
+ adduser "$u" libvirt >/dev/null || true
+done
+
+if ! getent group libvirt-dnsmasq >/dev/null; then
+ addgroup --quiet --system libvirt-dnsmasq
+fi
+if ! getent passwd libvirt-dnsmasq >/dev/null; then
+ adduser --quiet \
+ --system \
+ --ingroup libvirt-dnsmasq \
+ --disabled-login \
+ --disabled-password \
+ --home /var/lib/libvirt/dnsmasq \
+ --no-create-home \
+ --gecos "Libvirt Dnsmasq" \
+ libvirt-dnsmasq
+fi
+
+#
+# register and start libvirt service
+#
 systemctl daemon-reload
 systemctl start libvirtd.service
-- 
cgit v1.2.3-55-g7522
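Review bot: The loop that runs `adduser "$u" libvirt` for every member of `sudo` grants more than its comment says, because membership in `libvirt` normally allows read-write use of the system libvirtd socket with no password prompt, which is close to root-equivalent and skips sudo's authentication and logging. Whether that holds on this image depends on the socket group and polkit settings, which the patch does not show. I would record the intent next to the loop, for example `# NOTE: libvirt group members can manage the system libvirtd instance without authenticating; sudo members are added on purpose`, and replace `|| true` with a warning on stderr so a failed add is visible. Separately, the two `getent` checks on 64055 silently fall back to a dynamically assigned id when the reserved one is taken, so a one-line warning there would help when disk-image ownership later mismatches. The first `adduser` call also passes `--quiet` twice.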