On 12/19/2010 08:17 AM, Dan Kenigsberg wrote:
Hi,
I might be wrong here, but it seems that when libvirt spawns a new qemu process,
it sets its uid and gid (qemu:qemu by deafult) but does not call initgroups(),
so the spawned qemu cannot read files that are owned by qemu auxiliary groups.
Am I right? How difficult is the fix?
You are correct that initgroups isn't called.
It looks like it could be fixed with a call to initgroups in
qemu_security.c:qemuSecurityDACSetProcessLabel(), but I would defer to
Dan Berrange as to whether that's the best place to put it.
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list