Non-root can't use /var/run/libvirt/libvirt-sock even in the case
"unix_sock_group" and "unix_sock_rw_perms" are set properly.
The reason:
# ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
drwx------ 2 root root 4096 Apr 14 19:14 libvirt
srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro
i.e., bad permissions on /var/run/libvirt
One possible solution (implied in the attached patch) is the following:
Every time libvirtd starts
* it implicitly sets the group id of /var/run/libvirt:
chown(/var/run/libvirt, -1, unix_sock_gid).
* if "unix_sock_group" defined in /etc/libvirt/libvirtd.conf, libvirtd does
chmod g+x /var/run/libvirt
otherwise,
chmod g-x /var/run/libvirt
A.
Attachment:
fix_libvir_qemud_bad_permissions.patch
Description: Binary data
-- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list