On 08/05/2013 04:09 AM, Guido Günther wrote:
> The change from initgroups to virGetGroupList/setgroups in
> cab36cfe71ba83b71e536ba5c98e596f02b697b0 dropped the primary group from
> processes group list iff the passed in group to virGetGroupList differs
> from the user's primary group.
>
> So always include the primary group to bring back the old behaviour.
>
> Debian has the kvm group as primary group but uses
> libvirt-qemu:libvirt-qemu as user:group to run the kvm process so
> without this change the /dev/kvm is inaccesible.
s/inaccesible/inaccessible/
> ---
> src/util/virutil.c | 30 +++++++++++++++++++++---------
> 1 file changed, 21 insertions(+), 9 deletions(-)
>
> +
> + if (gid != (gid_t)-1) {
> + if (VIR_REALLOC_N(*list, ++ret) < 0) {
> + VIR_FREE(*list);
> + goto cleanup;
> + }
> + (*list)[ret-1] = gid;
> + }
This may allow gid to appear in the list more than once - I'd feel a bit
more comfortable if you expanded the list only if you already validated
that gid is not in the list. Also, using VIR_APPEND_ELEMENT would be
nicer than VIR_REALLOC_N and manual list size manipulation.
Looking forward to v2.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
Attachment:
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list