> > Setting unix_sock_group to something else than default "root" in
> > /etc/libvirt/libvirtd.conf prevents system libvirtd from dumping core on
> > crash. This is because we used setgid(unix_sock_group) before binding to
> > /var/run/libvirt/libvirt-sock* and setgid() back to original group.
> > However, if a process changes its effective or filesystem group ID, it
> > will be forbidden from leaving core dumps unless fs.suid_dumpable sysctl
> > is set to something else than 0 (and it is 0 by default).
> >
> > Changing socket's group ownership after bind works better. And we can do
> > so without introducing a race condition since we loosen access rights by
> > changing the group from root to something else.
>
> If you use fchown(sock->fd) then you avoid any possible race issues.

Except that it doesn't work. That was the first thing I tried but fchown()
doesn't seem to work on unix sockets. The socket will still end up with
root:root ownership regardless of where I put fchown() -- either before bind()
to avoid race issues or after it, which wouldn't be any better than chown().

Jirka
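
The bind-then-chown ordering discussed in this thread, as an added example that is not libvirt's code and not part of the original message: the socket file is created owner-only, its group is changed by path, and only then is the mode widened, while `prctl(PR_GET_DUMPABLE)` is read before and after to show the process stays dumpable. The helper `bind_then_chown`, the `sock_result` struct and the scratch path under `/tmp` are hypothetical names chosen for the illustration; Linux is assumed.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

struct sock_result {
    int fd;                               /* bound socket, -1 on failure */
    gid_t path_gid;                       /* group of the socket file */
    mode_t path_mode;                     /* permission bits of the socket file */
    int dumpable_before, dumpable_after;  /* PR_GET_DUMPABLE around the call */
};

/* Hypothetical helper: bind first, then chown the path; no setgid() is called. */
static struct sock_result bind_then_chown(const char *path, gid_t gid, mode_t mode)
{
    struct sock_result r = { -1, (gid_t)-1, 0, prctl(PR_GET_DUMPABLE, 0, 0, 0, 0), -1 };
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    struct stat st;
    if (strlen(path) >= sizeof(sa.sun_path)) return r;
    strcpy(sa.sun_path, path);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return r;
    mode_t old = umask(0077);             /* socket file is created owner-only */
    int rc = bind(fd, (struct sockaddr *)&sa, sizeof(sa));
    umask(old);
    if (rc < 0) { close(fd); return r; }
    /* Widen access in order: group first, then mode. chown() works on the path. */
    if (chown(path, (uid_t)-1, gid) < 0 || chmod(path, mode) < 0 || stat(path, &st) < 0) {
        unlink(path); close(fd); return r;
    }
    r.fd = fd; r.path_gid = st.st_gid; r.path_mode = st.st_mode & 07777;
    r.dumpable_after = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
    return r;
}

int main(void) {
    char dir[] = "/tmp/sockdemoXXXXXX", path[64];   /* constructed scratch location */
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof(path), "%s/sock", dir);
    struct sock_result r = bind_then_chown(path, getegid(), 0660);
    printf("fd=%d gid=%d mode=%o dumpable %d -> %d\n", r.fd, (int)r.path_gid,
           (unsigned)r.path_mode, r.dumpable_before, r.dumpable_after);
    if (r.fd >= 0) { close(r.fd); unlink(path); }
    return rmdir(dir) != 0;
}
```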