Re: [libvirt] PATCH: Fix permissions problem starting QEMU

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 31, 2009 at 09:28:37AM +0100, Mark McLoughlin wrote:
> On Thu, 2009-07-30 at 15:00 +0100, Daniel P. Berrange wrote:
> > There is a minor bug when running QEMU non-root, and having
> > capng enabled. libvirt is unable to write the PID file in
> > /var/run/libvirt/qemu, since its now owned by 'qemu', but
> > libvirtd has dropped all capabilties at this point. The fix
> > is to delay dropping capabilities until after the PID file
> > has been created. We should also be sure to kill the child
> > if writing the PID file fails
> 
> I haven't looked into it much yet, but don't we need to open up the
> permissions on /var/lib/libvirt/images now? At least from 700 to 711 so
> qemu can open images?

Hmm, that's a good point, we definitely need to do that. 711 shoudl be
good because that lets us chmod the individual imagges to allow QEMU 
user to open them, while not allowing people to list the contents of
the directory

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]