
Re: [libvirt] [PATCH libguestfs 0/4] Add a libvirt backend to libguestfs.



On Sat, Jul 21, 2012 at 08:20:45PM +0100, Richard W.M. Jones wrote:
> Some questions:

Another question ...

>     <channel type="unix">
>       <source mode="connect" path="/home/rjones/d/libguestfs/libguestfsSSg3Kl/guestfsd.sock"/>
>       <target type="virtio" name="org.libguestfs.channel.0"/>
>     </channel>

This clause doesn't work when libguestfs/qemu runs as root.  As far as
I can tell there is a combination of three factors working against it:

(1) libvirt (when run as root) runs qemu as qemu.qemu.  Since this
user didn't have write access to the socket, it fails.  I fixed this
by chowning the socket.

(2) Regular Unix permissions didn't give access to my home directory
by non-root/non-me users.  Fixed those permissions.  This won't be a
problem when we're using /tmp normally, but will break tests because
we like to set $TMPDIR.

(3) SELinux/sVirt prevents qemu connecting to this socket.  This one
is a pain.  You'd think that if a socket is specified in the libvirt
XML then sVirt should allow access to it.

How to solve?

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-p2v converts physical machines to virtual machines.  Boot with a
live CD or over the network (PXE) and turn machines into Xen guests.
http://et.redhat.com/~rjones/virt-p2v
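
Added example, not part of the original message and not libguestfs or libvirt code: a Python check for factors (1) and (2) above that walks the socket path and reports the first component whose mode bits deny a given account. The function names are hypothetical, and the numeric uid/gid of the account libvirt runs qemu as must be supplied by the caller.

```python
import os
import sys


def perm_bits(st, uid, gids):
    """rwx triplet (0-7) that the classic mode bits grant to uid/gids."""
    if uid == st.st_uid:            # owner class wins even if more restrictive
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def first_blocker(path, uid, gids):
    """Return (component, reason) for the first denial, or None if reachable.

    Checks only mode bits: factor (2) on every parent directory, factor (1)
    on the socket itself (on Linux, connect() needs write permission on it).
    Root's override, POSIX ACLs and SELinux/sVirt (factor 3) are not modelled.
    """
    path = os.path.realpath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    chain.reverse()                 # "/" first, socket last
    for directory in chain[:-1]:
        if not perm_bits(os.stat(directory), uid, gids) & 1:
            return (directory, "no search (x) permission on directory")
    if not perm_bits(os.stat(path), uid, gids) & 2:
        return (path, "no write permission on socket")
    return None


if __name__ == "__main__":
    # Usage: script.py SOCKET_PATH UID GID   (numeric ids of the qemu account)
    sock, uid, gid = sys.argv[1], int(sys.argv[2]), int(sys.argv[3])
    print(first_blocker(sock, uid, {gid}) or "reachable by mode bits")
```

A result of "reachable by mode bits" while qemu still cannot connect points at something this check does not model, such as the SELinux/sVirt denial in factor (3).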

