[libvir] [PATCH] Bad permissions on /var/run/libvirt/

Anton Protopopov aspsk2 at gmail.com
Mon Apr 21 16:47:38 UTC 2008


2008/4/21, Daniel Veillard <veillard at redhat.com>:
>
> On Mon, Apr 21, 2008 at 01:06:02PM +0400, Anton Protopopov wrote:
> > 2008/4/17, Daniel Veillard <veillard at redhat.com>:
> > >
> > > On Mon, Apr 14, 2008 at 07:37:56PM +0400, Anton Protopopov wrote:
> > > > Hi,
> > > >
> > > > Non-root can't use /var/run/libvirt/libvirt-sock even in the case
> > > > "unix_sock_group" and "unix_sock_rw_perms" are set properly.
> > > >
> > > > The reason:
> > > >    # ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
> > > >    drwx------ 2 root root   4096 Apr 14 19:14 libvirt
> > > >    srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
> > > >    srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro
> > > >
> > > > i.e., bad permissions on /var/run/libvirt
> > >
> > >
> > >   Hum, how did you get this ? Maybe this is more a packaging problem than
> > > anything else
> >
> >
> > Yes, it was, sorry...
>
>
>   So do you think the patch really makes sense in a more general
> way? Except for the group from the configuration this looks like
> the wrong way to fix this.
>
>   Do you agree ? If yes what about making a subset of the patch just
> for the socket group rights ?
>
>
> Daniel


Well, I think that there were two decisions:

First one is to change the permissions of /var/run/libvirt to 0750 (by
specifying it in spec) and then change the group ownership of this directory
in main(), right after the call to remoteReadConfigFile(). That must be done
in main() because one can set "unix_sock_group" to non-root and then remove
config file.

The other (simple) one is to leave it as is :)

If you want, I can make a patch to fix the first case.

A.

--
> Red Hat Virtualization group http://redhat.com/virtualization/
> Daniel Veillard      | virtualization library  http://libvirt.org/
> veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
> http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
>
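
The permission interaction discussed in this thread, modelled as an added example (not code from the thread or from libvirt): a missing search bit on the directory blocks connect() whatever the socket's own mode is. The struct, function names and numeric ids are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Owner, group and permission bits of one object, as `ls -l` reports them. */
struct perm { mode_t mode; uid_t uid; gid_t gid; };

/* Classic UNIX check: exactly one class (owner, group, other) applies.
 * want: 04 read, 02 write, 01 search. Simplified: no supplementary
 * groups, no ACLs; uid 0 always passes. */
static bool allowed(const struct perm *p, uid_t uid, gid_t gid, unsigned want)
{
    unsigned bits;

    if (uid == 0)
        return true;
    if (uid == p->uid)
        bits = (p->mode >> 6) & 7;
    else if (gid == p->gid)
        bits = (p->mode >> 3) & 7;
    else
        bits = p->mode & 7;
    return (bits & want) == want;
}

/* connect() on a pathname socket needs search permission on the directory
 * and, on Linux, write permission on the socket itself (unix(7)). */
bool can_connect(const struct perm *dir, const struct perm *sock,
                 uid_t uid, gid_t gid)
{
    return allowed(dir, uid, gid, 01) && allowed(sock, uid, gid, 02);
}

/* Constructed values mirroring the thread's listing; the numeric ids are
 * assumptions (500 stands in for the "libvirt" group). */
enum { GID_LIBVIRT = 500, GID_OTHER = 100, UID_USER = 1000 };
const struct perm dir_before = { 0700, 0, 0 };           /* drwx------ root root */
const struct perm dir_after  = { 0750, 0, GID_LIBVIRT }; /* proposed in the reply */
const struct perm sock_rw    = { 0770, 0, GID_LIBVIRT }; /* libvirt-sock */
const struct perm sock_ro    = { 0777, 0, GID_LIBVIRT }; /* libvirt-sock-ro */

int main(void)
{
    printf("0700 dir, group member, rw socket: %d\n",
           can_connect(&dir_before, &sock_rw, UID_USER, GID_LIBVIRT));
    printf("0750 dir, group member, rw socket: %d\n",
           can_connect(&dir_after, &sock_rw, UID_USER, GID_LIBVIRT));
    printf("0750 dir, non-member,   ro socket: %d\n",
           can_connect(&dir_after, &sock_ro, UID_USER, GID_OTHER));
    return 0;
}
```

With the directory at 0750 and group-owned by the configured group, the model also denies non-members access to libvirt-sock-ro, even though the listing shows that socket as srwxrwxrwx.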