Re: [PATCH libguestfs 0/4] Add a libvirt backend to libguestfs.

On Sat, Jul 21, 2012 at 09:43:45PM +0100, Richard W.M. Jones wrote:
> On Sat, Jul 21, 2012 at 08:20:45PM +0100, Richard W.M. Jones wrote:
> > Some questions:
> 
> Another question ...
> 
> >     <channel type="unix">
> >       <source mode="connect" path="/home/rjones/d/libguestfs/libguestfsSSg3Kl/guestfsd.sock"/>
> >       <target type="virtio" name="org.libguestfs.channel.0"/>
> >     </channel>
> 
> This clause doesn't work when libguestfs/qemu runs as root.  As far as
> I can tell there is a combination of three factors working against it:
> 
> (1) libvirt (when run as root) runs qemu as qemu.qemu.  Since this
> user didn't have write access to the socket, it fails.  I fixed this
> by chowning the socket.

What libvirt URI are you using?  If libguest is running as non-root,
then I expect you'd want to use qemu:///session. Thus all files would
be owned by the matching user ID, and I'd suggest $HOME/.libguestfs/qemu
for the directory to store the sockets in.

If libguestfs is running as root, then use qemu:///system and a socket
under /var/lib/libguestfs/qemu/

> (2) Regular Unix permissions didn't give access to my home directory
> by non-root/non-me users.  Fixed those permissions.  This won't be a
> problem when we're using /tmp normally, but will break tests because
> we like to set $TMPDIR.

Again, see above.

> (3) SELinux/sVirt prevents qemu connecting to this socket.  This one
> is a pain.  You'd think that if a socket is specified in the libvirt
> XML then sVirt should allow access to it.

You could either use the same directory that libvirt uses for the
main QEMU monitor socket, or preferably define standard directories
for libguestfs and have them added to the SELinux policy.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
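
Factors (1) and (2) in the message above can be checked ahead of time. The following is an added example, not code from the thread, libguestfs or libvirt: it walks every directory on the way to a socket and reports where a given uid would be refused. The function names, the stand-in uid and the temporary layout are constructed for illustration, and only classic mode bits are modelled (no ACLs, capabilities or SELinux).

```python
import os
import socket
import tempfile

def allowed(st, uid, gids, bit):
    """Owner/group/other mode check for a non-root uid (bit: 1 = x, 2 = w)."""
    if st.st_uid == uid:
        return bool(st.st_mode & (bit << 6))
    if st.st_gid in gids:
        return bool(st.st_mode & (bit << 3))
    return bool(st.st_mode & bit)

def socket_blockers(sock_path, uid, gids=()):
    """Return (path, reason) pairs that stop uid connecting to sock_path."""
    path = os.path.abspath(sock_path)
    dirs, d = [], os.path.dirname(path)
    while True:                          # collect every ancestor up to /
        dirs.append(d)
        if os.path.dirname(d) == d:
            break
        d = os.path.dirname(d)
    blockers = [(d, "no search (x) permission")
                for d in reversed(dirs)
                if not allowed(os.stat(d), uid, gids, 1)]
    # connect() on a Unix socket needs write permission on the socket file
    if not allowed(os.stat(path), uid, gids, 2):
        blockers.append((path, "no write permission on socket"))
    return blockers

def demo():
    """Constructed layout: a private 0700 directory holding guestfsd.sock."""
    me = os.getuid()
    other = me + 1000                    # hypothetical stand-in for the qemu user
    top = os.path.abspath(tempfile.mkdtemp())   # mkdtemp creates it mode 0700
    sock_path = os.path.join(top, "guestfsd.sock")
    s = socket.socket(socket.AF_UNIX)
    s.bind(sock_path)
    os.chmod(sock_path, 0o600)
    as_other = [p for p, _ in socket_blockers(sock_path, other)]
    as_owner = [p for p, _ in socket_blockers(sock_path, me)]
    s.close()
    os.unlink(sock_path)
    os.rmdir(top)
    return top, sock_path, as_other, as_owner

if __name__ == "__main__":
    print(demo())
```

When the process that connects runs under the same user ID that owns the directory and the socket, as with qemu:///session, neither path is reported.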
