[libvir] [PATCH] Bad permissions on /var/run/libvirt/

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

Non-root can't use /var/run/libvirt/libvirt-sock even in the case
"unix_sock_group" and "unix_sock_rw_perms" are set properly.

The reason:
   # ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
   drwx------ 2 root root   4096 Apr 14 19:14 libvirt
   srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
   srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro

i.e., bad permissions on /var/run/libvirt

One possible solution (implied in the attached patch) is the following:

Every time libvirtd starts
* it implicitly sets the group id of /var/run/libvirt:
        chown(/var/run/libvirt, -1, unix_sock_gid).
* if "unix_sock_group" defined in /etc/libvirt/libvirtd.conf, libvirtd does
         chmod g+x /var/run/libvirt
   otherwise,
         chmod g-x /var/run/libvirt

A.

Attachment: fix_libvir_qemud_bad_permissions.patch
Description: Binary data

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]