[libvirt] [PATCH] qemu: Make sure permissions are set on VNC auto socket
Martin Kletzander
mkletzan at redhat.com
Thu Apr 30 07:38:32 UTC 2015
On Wed, Apr 29, 2015 at 01:08:37PM -0400, Cole Robinson wrote:
>On 04/29/2015 08:32 AM, Martin Kletzander wrote:
>> On Tue, Apr 28, 2015 at 08:13:19PM -0400, Cole Robinson wrote:
>>> This can cause permissions failures if qemu.conf user/group is changed.
>>>
>>
>> I assume the issue only exists if the socket already exists, am I right?
>>
>
>Hmm, my commit message is bogus. I thought I had hit this issue before and
>didn't actually test that it was failing, only verifying that the end result
>appeared correct, which it does regardless of this patch. Sorry for the time
>wasting.
>
>Here's why it already kinda works without anything explicitly done by libvirt:
>you can't bind a unix socket to an existing path, it fails with 'Address
>already in use'. qemu handles this by unconditionally unlinking whatever path
>is manually passed it. Then the socket bind(2) call will implicitly recreate
>the passed in path. In the auto VNC case this effectively causes the
>permissions to be reset automagically: qemu can write to the parent
>/var/lib/libvirt/qemu directory, and the new socket gets proper user/group
>(from the qemu runtime user) and selinux label (from the parent directory)
>
>That said, what _will_ fail is if the user specified an explicit VNC socket
>path, but the parent directory was not writeable by qemu. Even if the socket
>path is readable/writeable by the user. Kinda confusing but not sure if anyone
>cares in practice. FWIW this is true of any usage of qemu's unix: handling.
>
Since it needs to unlink and create the socket, it must have the
permissions to do so in that respective directory. As with disks
etc., user is responsible for that unless it is auto-generated path.
We cannot change the permissions on all parent directories. It's
definitely worth mentioning that somewhere around the VNC socket stuff
in the documentation.
>So this patch doesn't add much... I'll drop it.
>
>There are a few other issues WRT VNC unix handling though:
>
>- Default listen address is still added to the runtime XML, though not to qemu CLI
>
I remember that when I was checking the code most of the conditions
weren't exclusive, the only thing where using a socket effectively
disabled listening was the command line preparation. I agree that all
the parts should be in sync and not just try initializing and setting
everything unconditionally.
>- VNC sockets are left on disk after qemu shuts down... It's unclear what the
>fix is though. Maybe qemu should register an atexit handler to clean up unix
>sockets, since its the one that's actually creating them. Or maybe leave it as
>it is since it might cause user confusion with manually specific paths.
>
How is it done with monitor sockets? We are cleaning them in libvirt
if we get the chance, right? That should be the same case with
chardev channel sockets and everything else. Even VNC sockets.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150430/4e128cc7/attachment-0001.sig>
More information about the libvir-list
mailing list