[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH] doc: Add statment about permissions needed to do a core dump

On 09/15/2011 02:27 AM, Peter Krempa wrote:
Documentation did not specify, that some permissions are required on
target path for coredump for the user running the hypervisor.
  src/libvirt.c   |    4 +++-
  tools/virsh.pod |    3 +++
  2 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/src/libvirt.c b/src/libvirt.c
index c32c7a6..ee88d87 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -2777,7 +2777,9 @@ error:
   * This method will dump the core of a domain on a given file for analysis.
   * Note that for remote Xen Daemon the file path will be interpreted in
- * the remote host.
+ * the remote host. Hypervisors may require execute and/or write permissions
+ * for destination path specified by argument @to for user running the
+ * hypervisor.

That sounds wrong to me. We already have the ability to relabel files and directories so that qemu can access them; why should the core file be any different than any other image file where libvirt is able to grant proper permissions?

Also, the wording is misleading - you are talking about 'search' permissions on the parent directories, not 'execute' on the file itself (the x bit is double-duty, execute for files and search for directories). So we should not be mentioning execute permissions. If we can't fix the real bug (that is, that libvirt is not granting proper permissions to qemu to be able to create the core dump), then I'd favor wording more like:

Hypervisors may require the user to manually ensure proper permissions on the file named by @to.

Eric Blake   eblake redhat com    +1-801-349-2682
Libvirt virtualization library http://libvirt.org

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]