On 03/10/2015 04:39 AM, Richard W.M. Jones wrote:
> On Tue, Mar 10, 2015 at 02:32:04AM -0400, Laine Stump wrote:
>> Commit 4bbe1029f fixed a problem in commit f7afeddc by moving the call
>> to virNetDevGetIndex() to a location common to all interface types (so
>> that the nicindex array would be filled in for macvtap as well as tap
>> interfaces), but the location was *too* common, as the original call
>> to virNetDevGetIndex() had been in a section qualified by "if
>> (cfg->privileged)". The result was that the "fixed" libvirtd would try
>> to call virNetDevGetIndex() even for session mode libvirtd, and end up
>> failing with the log message:
>>
>>   Unable to open control socket: Operation not permitted
>>
>> To remedy that, this patch qualifies the call to virNetDevGetIndex()
>> in its new location with cfg->privileged.
>>
>> This resolves https://bugzilla.redhat.com/show_bug.cgi?id=1198244
>> ---
>>
>> If someone (Rich?) needs this pushed before I am awake, please feel
>> free to push it. (also push to the 1.2.13-maint branch if you do)
>>
>> src/qemu/qemu_command.c | 3 ++-
>> 1 file changed, 2 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/qemu/qemu_command.c b/src/qemu/qemu_command.c >> index 1510797..3d1483e 100644 >> --- a/src/qemu/qemu_command.c >> +++ b/src/qemu/qemu_command.c >> @@ -7861,6 +7861,7 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd, >> char **tapfdName = NULL; >> char **vhostfdName = NULL; >> int actualType = virDomainNetGetActualType(net); >> + virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver); >> virNetDevBandwidthPtr actualBandwidth; >> size_t i; 
>> >> @@ -7936,7 +7937,7 @@ qemuBuildInterfaceCommandLine(virCommandPtr cmd, >> /* network and bridge use a tap device, and direct uses a >> * macvtap device >> */ >> - if (nicindexes && nnicindexes && net->ifname) { >> + if (cfg->privileged && nicindexes && nnicindexes && net->ifname) { >> if (virNetDevGetIndex(net->ifname, &nicindex) < 0 || >> VIR_APPEND_ELEMENT(*nicindexes, *nnicindexes, nicindex) < 0) >> goto cleanup;
> Looks sensible, ACK.
>
> As Laine says, please make sure this gets into 1.2.13-maint because it
> currently affects all 1.2.13 / Rawhide users.

I just pushed it to master and to v1.2.13-maint.

> Also, why isn't there a regression test that would have picked this
> up? A trivial reproducer is:
>
> $ guestfish -a /dev/null --network run
>
> but any test case that launches a guest with a network interface as
> non-root would have caught this.

This fails only if a tap device is used, which requires a properly
configured qemu-bridge-helper and a bridge device with a particular name
(and that no other session mode libvirtd be currently running for the
user running the test), and we can't require that for the unit tests in
"make check", so it would need to be done in the tck tests.
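Review bot: In the first hunk (@@ -7861,6 +7861,7 @@), the new `cfg = virQEMUDriverGetConfig(driver)` takes a reference on the driver config, but the diffstat (2 insertions, 1 deletion) leaves no room for a matching release, so every call to qemuBuildInterfaceCommandLine() leaks one reference. Add `virObjectUnref(cfg);` at the function's `cleanup` label so the reference is dropped on the success path and on each `goto cleanup` path.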
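Review bot: In the second hunk (@@ -7936,7 +7937,7 @@), the comment above the changed `if` still only explains tap versus macvtap and does not say why the lookup is now gated on `cfg->privileged`. Extend it to state that virNetDevGetIndex() needs a control socket that a session mode libvirtd cannot open, and that `*nicindexes` is therefore left unpopulated for unprivileged daemons, so a later refactor does not move the call out of the privileged check again as commit 4bbe1029f did.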