On Tue, Sep 08, 2015 at 19:07:09 +0200, Martin Kletzander wrote: > Commit f1f68ca33433 tried fixing running multiple domains under various > users, but if the user can't browse the directory, it's hard for the > qemu running under that user to create the monitor socket. > > The permissions need to be fixed in two places due to support for both > installations with and without driver modules. > > Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886 > > Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx> > --- > This is not a problem for non-rpm installs because normal make install > will not change the permissions, it will just create the directory, so > it has 0755, but that difference is not something I'm trying to fix in > this patch. > > libvirt.spec.in | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/libvirt.spec.in b/libvirt.spec.in > index bb8bfc3c25c1..48461e865dc8 100644 > --- a/libvirt.spec.in > +++ b/libvirt.spec.in > @@ -2002,7 +2002,7 @@ exit 0 > %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu > %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/ > %ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/ > -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ > +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/ Seems OK, but are we sure every file created in that directory uses 007 mask? Otherwise, we would be opening a hole here... Jirka -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list