On Sun, Oct 17, 2010 at 10:58:55PM +0200, Dan Kenigsberg wrote: > qemudOpenAsUID is intended to open a file with the credentials of a > specified uid. Current implementation fails if the file is accessible to > one of uid's groups but not owned by uid. > > This patch replaces the supplementary group list that the child process > inherited from libvirtd with the default group list of uid. > --- > src/qemu/qemu_driver.c | 16 ++++++++++++++++ > 1 files changed, 16 insertions(+), 0 deletions(-) > > diff --git a/src/qemu/qemu_driver.c b/src/qemu/qemu_driver.c > index 0ce2d40..a1027d4 100644 > --- a/src/qemu/qemu_driver.c > +++ b/src/qemu/qemu_driver.c > @@ -6353,6 +6353,7 @@ parent_cleanup: > char *buf = NULL; > size_t bufsize = 1024 * 1024; > int bytesread; > + struct passwd *pwd; > > /* child doesn't need the read side of the pipe */ > close(pipefd[0]); > @@ -6365,6 +6366,21 @@ parent_cleanup: > goto child_cleanup; > } > > + /* we can avoid getpwuid_r() in threadless child */ > + if ((pwd = getpwuid(uid)) == NULL) { That may be so, but you're going to hit a 'make syntax-check' failure here, and we don't want to whitelist the entire qemu_driver.c file to get past it. > + exit_code = errno; > + virReportSystemError(errno, > + _("cannot setuid(%d) to read '%s'"), > + uid, path); > + goto child_cleanup; > + } > + if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) { > + exit_code = errno; > + virReportSystemError(errno, > + _("cannot setuid(%d) to read '%s'"), > + uid, path); > + goto child_cleanup; > + } > if (setuid(uid) != 0) { > exit_code = errno; > virReportSystemError(errno, Regards, Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://deltacloud.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list