[Libguestfs] [libvirt] [PATCH libguestfs 0/4] Add a libvirt backend to libguestfs.

Daniel P. Berrange berrange at redhat.com
Mon Jul 23 10:43:38 UTC 2012


On Mon, Jul 23, 2012 at 11:21:37AM +0100, Daniel P. Berrange wrote:
> On Mon, Jul 23, 2012 at 11:02:41AM +0100, Richard W.M. Jones wrote:
> > On Mon, Jul 23, 2012 at 10:45:21AM +0100, Daniel P. Berrange wrote:
> > > On Sat, Jul 21, 2012 at 09:43:45PM +0100, Richard W.M. Jones wrote:
> > > > On Sat, Jul 21, 2012 at 08:20:45PM +0100, Richard W.M. Jones wrote:
> > > > > Some questions:
> > > > 
> > > > Another question ...
> > > > 
> > > > >     <channel type="unix">
> > > > >       <source mode="connect" path="/home/rjones/d/libguestfs/libguestfsSSg3Kl/guestfsd.sock"/>
> > > > >       <target type="virtio" name="org.libguestfs.channel.0"/>
> > > > >     </channel>
> > > > 
> > > > This clause doesn't work when libguestfs/qemu runs as root.  As far as
> > > > I can tell there are a combination of three factors working against it:
> > > > 
> > > > (1) libvirt (when run as root) runs qemu as qemu.qemu.  Since this
> > > > user didn't have write access to the socket, it fails.  I fixed this
> > > > by chowning the socket.
> > > 
> > > What libvirt URI are you using ?  If libguest is running as non-root,
> > > then I expect you'd want to use  qemu:///session.
> > 
> > It's using NULL and expecting libvirt to choose the appropriate
> > connection URI, which does appear to work.
> 
> Apps should only rely on NULL, if they are able to work with any
> possible hypervisor. If you have specific requirements for QEMU
> you should always request QEMU explicitly. A local sysadmin may
> well have set a different default URI using an env variable or
> $HOME/.libvirt/libvirt.conf which will give you an unexpected
> choice.
> 
> > > Thus all files would be owned by the matching user ID, and I'd
> > > suggest $HOME/.libguestfs/qemu for the directory to store the sockets
> > > in.
> > >
> > > If libguestfs is running as root, then use qemu:///system and a socket
> > > under /var/lib/libguestfs/qemu/
> > 
> > This is fairly sucky.  We already make a temporary directory (a
> > randomly named subdirectory of $TMPDIR) and that seems the appropriate
> > place for small temporary files like sockets, especially since the
> > temp cleaner will clean them up properly if we don't.
> >
> > > You could either use the same directory that libvirt uses for the
> > > main QEMU monitor socket, or preferably define standard directories
> > > for libguestfs and have them added to the SELinux policy
> > 
> > So just so I'm completely clear about what's happening:
> > 
> > (1) SELinux labels are chosen based on the parent directory.
> 
> Yep
> 
> > (2) By having a standard named parent directory (even $HOME/.libguestfs)
> > SELinux will assign the right label to a socket in this directory,
> > even if libguestfs is not running as root.
> 
> Yep, if that dir is listed in the policy.
> 
> > (3) libguestfs should not be setting labels on anything itself.
> 
> Yes & no, see next answer
> 
> > 
> > (4) If a non-root user has never run libguestfs before, then merely
> > the act of libguestfs doing mkdir("$HOME/.libguestfs") [as non-root]
> > will ensure that any sockets in this directory are labelled correctly.
> 
> For directories outside $HOME, the correct context is normally expected
> to be set by RPM during install. For $HOME I think you need to invoke
> "restorecon $HOME/.libguestfs" after creation, although IIRC this is
> no longer needed on rawhide.


An alternative that might work is to have libguestfs run 'chcon()' on
the temporary directory it creates to give it the 'qemu_var_run_t' type.


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
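
Added example, not part of the original message and not libguestfs or libvirt code: a C sketch of the two points discussed in this thread, requesting a QEMU URI explicitly instead of NULL and changing only the SELinux type of a directory to `qemu_var_run_t`, as `chcon -t` would. The function names are hypothetical, and it assumes the label is read and written through the `security.selinux` extended attribute rather than through libselinux.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Ask for QEMU explicitly: system instance for root, session otherwise. */
const char *pick_libvirt_uri(uid_t euid) {
    return euid == 0 ? "qemu:///system" : "qemu:///session";
}

/* Replace the type field of "user:role:type[:range]" with new_type.
 * The range may itself contain ':' (e.g. s0:c1,c2), so only the first
 * three separators are structural. Returns 0 on success, -1 on error. */
int context_with_type(const char *ctx, const char *new_type,
                      char *out, size_t outlen) {
    const char *role = strchr(ctx, ':');
    if (!role) return -1;
    const char *type = strchr(role + 1, ':');
    if (!type) return -1;
    const char *range = strchr(type + 1, ':');  /* NULL without MLS range */
    int n = snprintf(out, outlen, "%.*s%s%s", (int)(type + 1 - ctx), ctx,
                     new_type, range ? range : "");
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Read the directory's current label, swap the type, write it back. */
int relabel_dir(const char *dir, const char *new_type) {
    char cur[256], next[256];
    ssize_t len = lgetxattr(dir, "security.selinux", cur, sizeof cur - 1);
    if (len < 0) return -1;          /* no SELinux label available here */
    cur[len] = '\0';
    if (context_with_type(cur, new_type, next, sizeof next) < 0) return -1;
    return lsetxattr(dir, "security.selinux", next, strlen(next) + 1, 0);
}

int main(int argc, char **argv) {
    if (argc != 2) {
        fprintf(stderr, "usage: %s TEMPDIR\n", argv[0]);
        return 2;
    }
    printf("uri=%s\n", pick_libvirt_uri(geteuid()));
    if (relabel_dir(argv[1], "qemu_var_run_t") < 0) {
        /* SELinux disabled, or policy does not allow this relabel */
        fprintf(stderr, "could not relabel %s\n", argv[1]);
        return 1;
    }
    return 0;
}
```

The relabel only succeeds if the loaded policy allows the calling domain to relabel from the directory's current type to the new one.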



