On Mon, Feb 04, 2019 at 04:26:02PM +0100, Peter Krempa wrote: > It will not work. This breaks qemu capabilities probing as a user. > --- > src/qemu/qemu_capabilities.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c > index 7ed5f94803..81ef0357e7 100644 > --- a/src/qemu/qemu_capabilities.c > +++ b/src/qemu/qemu_capabilities.c > @@ -4524,7 +4524,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCapsInitQMPCommandPtr cmd, > #if WITH_CAPNG > /* QEMU might run into permission issues, e.g. /dev/sev (0600), override > * them just for the purpose of probing */ > - virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE); > + if (geteuid() == 0) > + virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE); This should be enough of a fix with the current code base as it won't clash with the other two CAP_SYS_RAWIO and CAP_NET_ADMIN which should still fail when used with the session daemon as expected. Reviewed-by: Erik Skultety <eskultet@xxxxxxxxxx> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
