On Mon, Jul 23, 2012 at 11:21:37AM +0100, Daniel P. Berrange wrote:
> On Mon, Jul 23, 2012 at 11:02:41AM +0100, Richard W.M. Jones wrote:
> > On Mon, Jul 23, 2012 at 10:45:21AM +0100, Daniel P. Berrange wrote:
> > > On Sat, Jul 21, 2012 at 09:43:45PM +0100, Richard W.M. Jones wrote:
> > > > On Sat, Jul 21, 2012 at 08:20:45PM +0100, Richard W.M. Jones wrote:
> > > > > Some questions:
> > > >
> > > > Another question ...
> > > >
> > > > >   <channel type="unix">
> > > > >     <source mode="connect" path="/home/rjones/d/libguestfs/libguestfsSSg3Kl/guestfsd.sock"/>
> > > > >     <target type="virtio" name="org.libguestfs.channel.0"/>
> > > > >   </channel>
> > > >
> > > > This clause doesn't work when libguestfs/qemu runs as root. As far as
> > > > I can tell there is a combination of three factors working against it:
> > > >
> > > > (1) libvirt (when run as root) runs qemu as qemu.qemu. Since this
> > > > user didn't have write access to the socket, it fails. I fixed this
> > > > by chowning the socket.
> > >
> > > What libvirt URI are you using? If libguest is running as non-root,
> > > then I expect you'd want to use qemu:///session.
> >
> > It's using NULL and expecting libvirt to choose the appropriate
> > connection URI, which does appear to work.
>
> Apps should only rely on NULL, if they are able to work with any
> possible hypervisor. If you have specific requirements for QEMU
> you should always request QEMU explicitly. A local sysadmin may
> well have set a different default URI using an env variable or
> $HOME/.libvirt/libvirt.conf which will give you an unexpected
> choice.
>
> > > Thus all files would be owned by the matching user ID, and I'd
> > > suggest $HOME/.libguestfs/qemu for the directory to store the sockets
> > > in.
> > >
> > > If libguestfs is running as root, then use qemu:///system and a socket
> > > under /var/lib/libguestfs/qemu/
> >
> > This is fairly sucky. We already make a temporary directory (a
> > randomly named subdirectory of $TMPDIR) and that seems the appropriate
> > place for small temporary files like sockets, especially since the
> > temp cleaner will clean them up properly if we don't.
> >
> > > You could either use the same directory that libvirt uses for the
> > > main QEMU monitor socket, or preferably define standard directories
> > > for libguestfs and have them added to the SELinux policy
> >
> > So just so I'm completely clear about what's happening:
> >
> > (1) SELinux labels are chosen based on the parent directory.
>
> Yep
>
> > (2) By having a standard named parent directory (even $HOME/.libguestfs)
> > SELinux will assign the right label to a socket in this directory,
> > even if libguestfs is not running as root.
>
> Yep, if that dir is listed in the policy.
>
> > (3) libguestfs should not be setting labels on anything itself.
>
> Yes & no, see next answer
>
> >
> > (4) If a non-root user has never run libguestfs before, then merely
> > the act of libguestfs doing mkdir("$HOME/.libguestfs") [as non-root]
> > will ensure that any sockets in this directory are labelled correctly.
>
> For directories outside $HOME, the correct context is normally expected
> to be set by RPM during install. For $HOME I think you need to invoke
> "restorecon $HOME/.libguestfs" after creation, although IIRC this is
> no longer needed on rawhide.

An alternative that might work is to have libguestfs run 'chcon()' on
the temporary directory it creates to give it the 'qemu_var_run_t' type

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
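
The advice in the thread above (request a QEMU URI explicitly rather than passing NULL, and keep the socket in a fixed per-user or system directory that the SELinux policy can list), as an added C example that is not part of the original message and is not libguestfs or libvirt code. The names `struct target`, `choose_target` and `make_private_dir` are hypothetical; labelling itself is left to the policy or to restorecon, as the thread describes.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Hypothetical helper type, not a libguestfs or libvirt API. */
struct target { const char *uri; char sockdir[1024]; };

/* Pick an explicit URI and a fixed socket directory from the effective
 * uid, instead of passing NULL and accepting libvirt's default. */
int choose_target(uid_t euid, const char *home, struct target *t)
{
    if (euid != 0 && (home == NULL || home[0] != '/')) return -1; /* need absolute $HOME */
    t->uri = euid == 0 ? "qemu:///system" : "qemu:///session";
    int n = euid == 0
        ? snprintf(t->sockdir, sizeof t->sockdir, "/var/lib/libguestfs/qemu")
        : snprintf(t->sockdir, sizeof t->sockdir, "%s/.libguestfs/qemu", home);
    return (n < 0 || (size_t)n >= sizeof t->sockdir) ? -1 : 0;
}

/* mkdir -p with mode 0700, then require the leaf to be a real directory
 * owned by `owner` and not writable by group or others. */
int make_private_dir(const char *path, uid_t owner)
{
    char buf[1024];
    struct stat st;
    size_t len = strlen(path);
    if (len == 0 || len >= sizeof buf) return -1;
    memcpy(buf, path, len + 1);
    for (char *p = buf + 1; ; p++) {
        if (*p != '/' && *p != '\0') continue;
        char saved = *p;
        *p = '\0';                       /* cut the path at this component */
        if (mkdir(buf, 0700) != 0 && errno != EEXIST) return -1;
        *p = saved;
        if (saved == '\0') break;
    }
    if (lstat(buf, &st) != 0 || !S_ISDIR(st.st_mode)) return -1;
    return (st.st_uid == owner && (st.st_mode & 022) == 0) ? 0 : -1;
}

int main(void)
{
    struct target t;
    if (choose_target(geteuid(), getenv("HOME"), &t) != 0) return 1;
    printf("uri=%s sockdir=%s\n", t.uri, t.sockdir);
    return make_private_dir(t.sockdir, geteuid()) == 0 ? 0 : 1;
}
```

The returned `uri` is what a caller would pass to libvirt's `virConnectOpen()` in place of NULL.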