Thanks for your suggestions Daniel! I will rerun my executable thru strace with LIBVIRT_DEBUG=1 to see what happens and will send the results if need be.

John

-----Original Message-----
From: Daniel P. Berrange [mailto:berrange@xxxxxxxxxx]
Sent: Monday, March 01, 2010 7:58 AM
To: Tavares, John
Cc: libvir-list@xxxxxxxxxx
Subject: Re: [libvirt] inability to open local read-only connection

On Thu, Feb 25, 2010 at 02:34:02PM -0600, Tavares, John wrote:
> I have been experimenting with using libvirt (0.3.3) on a variety of
> systems (RHEL, CentOS and Oracle VM). I have run into an issue when
> I try to open a local read-only connection to the hypervisor that is
> failing only on Oracle VM server release 2.2.0. I have created a root
> owned setuid executable that is effectively running as root, but even
> so, still cannot open the local read-only connection of the hypervisor.
> It only works if I run it directly as root. This is not an option. I
> do not understand why it works as is on my RHEL and CentOS machines, but
> not my Oracle machine. It would seem as though it is not checking if
> the effective uid is root, just the uid.

A readonly connection essentially just goes to a separate UNIX socket,
which has more relaxed permissions (mode 0777, instead of 0700). The
kernel does the permissions checking when attempting to open it, so it
should be using the effective ID.

> Has anyone run into a similar issue or have any suggestions of what I
> might try to fix this issue or can tell me that this is a defect that
> needs (is) fixed??

I'd suggest trying to strace your process & see where it fails, and/or
run with LIBVIRT_DEBUG=1 environment variable set.

Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
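
A small diagnostic for the socket-permission point in the reply above, as an added example that is not part of the original thread and is not libvirt code: it prints the real and effective UIDs, the mode and owner of a UNIX socket, and the errno from connect(), so a kernel denial (EACCES) can be told apart from a failure elsewhere. The socket path is a command-line argument chosen by the user; the thread does not name one.

```c
/* Added diagnostic example; not from the thread or libvirt. Path is user-supplied. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Connect to a UNIX stream socket; return 0 or the errno of the failing
 * call. EACCES here means the kernel's permission check refused it. */
int probe_unix_socket(const char *path)
{
    struct sockaddr_un addr;
    int fd, err = 0;

    if (strlen(path) >= sizeof(addr.sun_path))
        return ENAMETOOLONG;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return errno;
    if (connect(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        err = errno;          /* save before close() can overwrite it */
    close(fd);
    return err;
}

int main(int argc, char **argv)
{
    struct stat st;
    int err;
    if (argc != 2) {
        fprintf(stderr, "usage: %s SOCKET_PATH\n", argv[0]);
        return 2;
    }
    /* Real vs effective UID: a setuid-root binary shows them differing. */
    printf("real uid=%d effective uid=%d\n", (int)getuid(), (int)geteuid());
    if (stat(argv[1], &st) == 0)
        printf("mode %04o owner uid=%d gid=%d\n",
               (unsigned)(st.st_mode & 07777), (int)st.st_uid, (int)st.st_gid);
    else
        printf("stat: %s\n", strerror(errno));
    err = probe_unix_socket(argv[1]);
    printf("connect: %s\n", err ? strerror(err) : "ok");
    return err ? 1 : 0;
}
```

Running it once as root and once through the setuid wrapper against the same socket shows whether the two runs differ at connect() or only later, inside the library.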