On Wed, Mar 09, 2011 at 02:19:18PM +0100, Guido GÃnther wrote: > On Wed, Mar 09, 2011 at 09:20:50AM +0100, Guido GÃnther wrote: > > otherwise the user might not have enough permissions to access the > > socket if roots umask is 077. > This version of the patch fixes the dependency on a sane umask without > introducing a new function. > O.k. to apply? > Cheers, > -- Guido > >From 7595fc991a7fe398466d1e3fac0b52ad9e389602 Mon Sep 17 00:00:00 2001 > From: =?UTF-8?q?Guido=20G=C3=BCnther?= <agx@xxxxxxxxxxx> > Date: Wed, 9 Mar 2011 14:15:48 +0100 > Subject: [PATCH] Make sure the rundir is accessible by the user > > otherwise the user might not have enough permissions to access the > socket if root's umask is 077. > > http://bugs.debian.org/614210 > --- > daemon/libvirtd.c | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c > index 452566c..9a5a53e 100644 > --- a/daemon/libvirtd.c > +++ b/daemon/libvirtd.c > @@ -3277,16 +3277,20 @@ int main(int argc, char **argv) { > /* Ensure the rundir exists (on tmpfs on some systems) */ > if (geteuid() == 0) { > const char *rundir = LOCALSTATEDIR "/run/libvirt"; > + mode_t old_umask; > > + old_umask = umask(022); > if (mkdir (rundir, 0755)) { > if (errno != EEXIST) { > char ebuf[1024]; > VIR_ERROR(_("unable to create rundir %s: %s"), rundir, > virStrerror(errno, ebuf, sizeof(ebuf))); > ret = VIR_DAEMON_ERR_RUNDIR; > + umask(old_umask); > goto error; > } > } > + umask(old_umask); > } > > /* Beyond this point, nothing should rely on using ACK Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list