Re: [PATCH] Allow execute access to /var/lib/libvirt/qemu/ for others

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 08, 2015 at 19:07:09 +0200, Martin Kletzander wrote:
> Commit f1f68ca33433 tried fixing running multiple domains under various
> users, but if the user can't browse the directory, it's hard for the
> qemu running under that user to create the monitor socket.
> 
> The permissions need to be fixed in two places due to support for both
> installations with and without driver modules.
> 
> Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1146886
> 
> Signed-off-by: Martin Kletzander <mkletzan@xxxxxxxxxx>
> ---
> This is not a problem for non-rpm installs because normal make install
> will not change the permissions, it will just create the directory, so
> it has 0755, but that difference is not something I'm trying to fix in
> this patch.
> 
>  libvirt.spec.in | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/libvirt.spec.in b/libvirt.spec.in
> index bb8bfc3c25c1..48461e865dc8 100644
> --- a/libvirt.spec.in
> +++ b/libvirt.spec.in
> @@ -2002,7 +2002,7 @@ exit 0
>  %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
>  %dir %attr(0700, root, root) %{_localstatedir}/log/libvirt/qemu/
>  %ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/
> -%dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
> +%dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/

Seems OK, but are we sure every file created in that directory uses 007
mask? Otherwise, we would be opening a hole here...

Jirka

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]