Vagrant build doc should tell what filesystem permissions must be granted to the libvirt-qemu user

Call to virDomainCreateWithFlags failed: internal error: early end of file from monitor, possible problem: 2016-05-11T12:12:00.380129Z qemu-system-x86_64: -device virtio-9p-pci,id=fs0,fsdev=fsdev-fs0,mount_tag=9aaa2faa29f5edaf04deda5b7a3c0bd,bus=pci.2,addr=0x3: Virtio-9p Failed to initialize fs-driver with id:fsdev-fs0 and export path:/home/intrigeri/tails/git/vagrant

To make QEMU start, I had to use setfacl to give the libvirt-qemu “x” access to the directory hierarchy up to, and including, vagrant. Then, to make provisioning work, I had to recursively give read access to .git, and to vagrant/provision/assets. And finally, for the build process to start, I had to recursively do o+rx on .git (because the build process is run as the vagrant user, whose uid doesn’t match mine). And now I have a build running! :)

I think that one shouldn’t have to go through this guessing+retrying process, just because they set strict permissions to the path to their Tails Git tree (not even mentioning using a strict umask), so something about this should be documented. We can go crazy and simply require some superset of what we really need, in order to simplify the doc (if we go into more details, I suspect it’ll bitrot).

I don’t know if that’s a regressions vs. the previous Vagrant setup, so not setting target version. If it’s a regression, it would be nice if it was fixed for 2.5 to the latest.

In passing: perhaps using a different synced folder provider (e.g. the rsync one) would simplify this a lot?

Related issues

• Related to #12081 (closed)

Original created by @intrigeri on 11411 (Redmine)