On Mon, Nov 26, 2012 at 03:17:13PM +0100, Viktor Mihajlovski wrote: > QMP Capability probing will fail if QEMU cannot bind to the > QMP monitor socket in the qemu_driver->libDir directory. > That's because the child process is stripped of all > capabilities and this directory is chown'ed to the configured > QEMU user/group (normally qemu:qemu) by the QEMU driver. > > To prevent this from happening, the driver startup will now pass > the QEMU uid and gid down to the capability probing code. > All capability probing invocations of QEMU will be run with > the configured QEMU uid instead of libvirtd's. > > Furter, the pid file handling is moved to libvirt, as QEMU > cannot write to the qemu_driver->runDir (root:root). This also > means that the libvirt daemonizing must be used. > > Signed-off-by: Viktor Mihajlovski <mihajlov@xxxxxxxxxxxxxxxxxx> > --- > src/qemu/qemu_capabilities.c | 88 ++++++++++++++++++++++++++++++++++---------- > src/qemu/qemu_capabilities.h | 7 +++- > src/qemu/qemu_driver.c | 4 +- > 3 files changed, 76 insertions(+), 23 deletions(-) ACK, A nice side effect of this is that the traditional non-QMP based QEMU probing also now runs unprivileged Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list