Re: PATCH: Allow control over UNIX socket perms & group in libvirtd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Sep 19, 2007 at 03:35:50AM +0100, Daniel P. Berrange wrote:
> On Tue, Sep 18, 2007 at 04:17:32AM -0400, Daniel Veillard wrote:
> > On Tue, Sep 18, 2007 at 05:38:09AM +0100, Daniel P. Berrange wrote:
> > > NB, the virConf apis don't seem to recognise Octal numbers when parsing
> > > the config file, so I've used strings for the permissions. Not a big deal
> > > really unless someone desperately wants to fix the config file parser...
> > [...]
> > > +static gid_t unix_sock_gid = 0; /* Only root by default */
> > > +static int unix_sock_rw_perms = 0700; /* Allow user only */
> > > +static int unix_sock_ro_perms = 0777; /* Allow world */
> > [...]
> > > -    if (readonly)
> > > -        oldmask = umask(~(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH));
> > > -    else
> > > -        oldmask = umask(~(S_IRUSR | S_IWUSR));
> > > +    oldgrp = getgid();
> > > +    oldmask = umask(readonly ? ~unix_sock_ro_perms : ~unix_sock_rw_perms);
> > > +    if (getuid() == 0)
> > > +        setgid(unix_sock_gid);
> > > +
> > 
> >    Looks fine but we went from the full macros definition to the pre
> > digested octal value. But I'm not old enough to really care :-)
> 
> The umask was wanting a mask, while the configuration file (for end-user 
> sanity) wants a mode instead. So I figured it was best to simply stick
> with mode throughout the code, and simply invert it when passing into
> umask at time of use. 

  yeah, it's actually simpler to read and deal with

> I added this to CVS & along with the updated docs on the 3 new configuration
> parameters for the daemon.

  Cool, thanks

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@xxxxxxxxxx  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]