On Thu, Nov 22, 2012 at 05:41:30PM +0100, Viktor Mihajlovski wrote: > I ran into trouble today trying to use the GIT level of QEMU. > > In a nutshell: the capability detection with QMP is failing > and the fallback using -help isn't working with the GIT level > probably due to help text reformatting. > > The failure reason is that QEMU cannot bind to the > QMP monitor socket in the /var/lib/libvirt/qemu directory. > That's because the child process is stripped of all > capabilities and this directory is chown'ed to qemu:qemu > by the QEMU driver. > > Note that this is failing with the release QEMU as well, > with the difference that the fallback is working there. > > I am willing to provide a patch, however I'd like > to get feedback on the approach to use: > > 1. Add back Linux capabilities CAP_DAC_OVERRIDE, > CAP_DAC_READ_SEARCH to allow QEMU to bind to > the monitor socket. > This seems to be hacky/dodging the problem. > > 2. Use a separate directory for the QMP probing > instance of QEMU. > > 3. Run the QMP QEMU under the configured qemu > user. This would be my favorite. Yep, this seems like the right thing todo. /me tries to understand why I didn't see this problem myself. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list