On Wed, Apr 29, 2015 at 01:08:37PM -0400, Cole Robinson wrote:
On 04/29/2015 08:32 AM, Martin Kletzander wrote:On Tue, Apr 28, 2015 at 08:13:19PM -0400, Cole Robinson wrote:This can cause permissions failures if qemu.conf user/group is changed.I assume the issue only exists if the socket already exists, am I right?Hmm, my commit message is bogus. I thought I had hit this issue before and didn't actually test that it was failing, only verifying that the end result appeared correct, which it does regardless of this patch. Sorry for the time wasting. Here's why it already kinda works without anything explicitly done by libvirt: you can't bind a unix socket to an existing path, it fails with 'Address already in use'. qemu handles this by unconditionally unlinking whatever path is manually passed it. Then the socket bind(2) call will implicitly recreate the passed in path. In the auto VNC case this effectively causes the permissions to be reset automagically: qemu can write to the parent /var/lib/libvirt/qemu directory, and the new socket gets proper user/group (from the qemu runtime user) and selinux label (from the parent directory) That said, what _will_ fail is if the user specified an explicit VNC socket path, but the parent directory was not writeable by qemu. Even if the socket path is readable/writeable by the user. Kinda confusing but not sure if anyone cares in practice. FWIW this is true of any usage of qemu's unix: handling.
Since it needs to unlink and create the socket, it must have the permissions to do so in that respective directory. As with disks etc., user is responsible for that unless it is auto-generated path. We cannot change the permissions on all parent directories. It's definitely worth mentioning that somewhere around the VNC socket stuff in the documentation.
So this patch doesn't add much... I'll drop it. There are a few other issues WRT VNC unix handling though: - Default listen address is still added to the runtime XML, though not to qemu CLI
I remember that when I was checking the code most of the conditions weren't exclusive, the only thing where using a socket effectively disabled listening was the command line preparation. I agree that all the parts should be in sync and not just try initializing and setting everything unconditionally.
- VNC sockets are left on disk after qemu shuts down... It's unclear what the fix is though. Maybe qemu should register an atexit handler to clean up unix sockets, since its the one that's actually creating them. Or maybe leave it as it is since it might cause user confusion with manually specific paths.
How is it done with monitor sockets? We are cleaning them in libvirt if we get the chance, right? That should be the same case with chardev channel sockets and everything else. Even VNC sockets.
Attachment:
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list