Re: [patch]make rundir permission equals to socket permission to support unprivileged access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 05, 2012 at 02:21:10PM +0800, Royce Lv wrote:
> Libvirt-socket-rw and libvirt-socket-ro are not used only for libvirt or
> root user,
> but also for  unprivileged application such as vdsm,
> Restrain the rundir only read/search for libvirt prevent comunication
> with unprivileged client,change rundir the permission equals to the sockets
> permission.
> See bug:
> https://bugzilla.redhat.com/show_bug.cgi?id=828073

That BZ is marked as a Regression; do you know if that's right, and if
so, what commit caused it?

Dave

> Signed-off-by: lvroyce <lvroyce@xxxxxxxxxxxxxxxxxx>
> ---
>  daemon/libvirtd.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
> index c74cd43..6095072 100644
> --- a/daemon/libvirtd.c
> +++ b/daemon/libvirtd.c
> @@ -293,7 +293,7 @@ daemonUnixSocketPaths(struct daemonConfig *config,
>              if (!(rundir = virGetUserRuntimeDirectory()))
>                  goto error;
> 
> -            old_umask = umask(077);
> +            old_umask = umask(022);
>              if (virFileMakePath(rundir) < 0) {
>                  umask(old_umask);
>                  goto error;

> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]