On Mon, Sep 30, 2019 at 02:06:07PM +0200, Bruno Haible wrote:
> Daniel P. Berrangé wrote:
> > > > FWIW I compiled libvirt without the setgroups code on Mac and it
> > > > worked as expected. Not sure what the implications of that are though?
> > >
> > > OK, then the fix would be to not use setgroups on Mac, and nothing to do
> > > in gnulib. Right?
> >
> > Not calling setgroups means the QEMU process doesn't run with any of
> > the supplementary groups associated with its user account, so this is
> > not really a working solution. It re-introduces the bug that the
> > setgroups call was added to fix.
>
> For what purpose is libvirt or QEMU using setgroups()? What goes wrong if
> setgroups() fails?

QEMU potentially needs access to files owned by a supplementary group. On Linux for example, /dev/kvm is often owned by 'kvm' group, but the 'qemu' user on Fedora has 'qemu' group as its primary group. So QEMU would be unable to open /dev/kvm without the setgroups call to set up supplementary groups.

> The problem is that the Darwin kernel does not support setting more than
> NGROUPS_MAX (= 16) groups. So
> - What happens when you have a user account which is in more than 16
> groups? What do other processes do in this situation?

Samba appears to use initgroups on Darwin, while clamping to 16 groups only:

https://github.com/samba-team/samba/blob/v4-11-stable/source3/smbd/sec_ctx.c#L248

> - Is using the first 16 groups and ignoring the extra ones an acceptable
> solution?

Certainly that's better than just ignoring groups entirely, as it will work for many more cases, even if not perfect.

Regards,
Daniel

--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
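An added illustration of the clamping strategy discussed above (keep the primary group, fill the remaining slots with the first supplementary groups up to NGROUPS_MAX, drop the rest). This is example code written for this thread, not libvirt's, gnulib's or Samba's; the function names clamp_groups and set_clamped_groups are my own, and the group list passed in is assumed to come from a getgrouplist()-style lookup done by the caller.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Build a group list of at most 'max' entries from 'all'. The primary gid
 * always goes first so the clamp can never drop it; duplicates are skipped
 * so a primary group that also appears in 'all' does not waste a slot.
 * Returns the number of entries written to 'out'. */
int clamp_groups(gid_t primary, const gid_t *all, int nall, gid_t *out, int max)
{
    int n = 0;
    if (max <= 0)
        return 0;
    out[n++] = primary;
    for (int i = 0; i < nall && n < max; i++) {
        int dup = 0;
        for (int j = 0; j < n; j++) {
            if (out[j] == all[i]) { dup = 1; break; }
        }
        if (!dup)
            out[n++] = all[i];
    }
    return n;
}

/* Apply the clamped list with setgroups(). This needs privilege (root or
 * CAP_SETGID on Linux), and on Darwin NGROUPS_MAX is 16, which is exactly
 * the limit the thread is about. Returns the number of groups set, or -1
 * with errno set if setgroups() fails. Groups that did not fit are reported
 * on stderr so an operator can see which access may be missing. */
int set_clamped_groups(gid_t primary, const gid_t *all, int nall)
{
    gid_t groups[NGROUPS_MAX];
    int n = clamp_groups(primary, all, nall, groups, NGROUPS_MAX);

    if (n == NGROUPS_MAX && nall + 1 > NGROUPS_MAX)
        fprintf(stderr, "warning: user has more than %d groups; extra "
                "supplementary groups were dropped\n", NGROUPS_MAX);

    if (setgroups(n, groups) < 0)
        return -1;
    return n;
}
```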