On Sat, Nov 2, 2013 at 11:20 AM, Ryota Ozaki <ozaki.ryota@xxxxxxxxx> wrote:
> ping?
>
> Hope it's in the next release. It fixes libvirtd to accept virsh
> accesses on localhost.
>
> ozaki-r
>
> On Fri, Oct 25, 2013 at 12:48 AM, Ryota Ozaki <ozaki.ryota@xxxxxxxxx> wrote:
>> aa0f099 introduced a strict error checking for getsockopt and it
>> revealed that getting a peer credential of a socket on FreeBSD
>> didn't work. Libvirtd hits the error:
>> error : virNetSocketGetUNIXIdentity:1198 : Failed to get valid
>> client socket identity groups
>>
>> SOL_SOCKET (0xffff) was used as a level of getsockopt for
>> LOCAL_PEERCRED, however, it was wrong. 0 is correct as well as
>> Mac OS X.
>>
>> So for LOCAL_PEERCRED our options are SOL_LOCAL (if defined) or
>> 0 on Mac OS X and FreeBSD. According to the fact, the patch
>> simplifies the code by removing ifdef __APPLE__.
>>
>> I tested the patch on FreeBSD 8.4, 9.2 and 10.0-BETA1.
>>
>> Signed-off-by: Ryota Ozaki <ozaki.ryota@xxxxxxxxx>
>> ---
>> src/rpc/virnetsocket.c | 21 ++++++++++-----------
>> 1 file changed, 10 insertions(+), 11 deletions(-)
>>
>> diff --git a/src/rpc/virnetsocket.c b/src/rpc/virnetsocket.c
>> index 3eb5708..04bf25a 100644
>> --- a/src/rpc/virnetsocket.c
>> +++ b/src/rpc/virnetsocket.c
>> @@ -1152,18 +1152,17 @@ cleanup: >> /* VIR_SOL_PEERCRED - the value needed to let getsockopt() work with >> * LOCAL_PEERCRED >> */ >> -# ifdef __APPLE__ >> -# ifdef SOL_LOCAL >> -# define VIR_SOL_PEERCRED SOL_LOCAL >> -# else >> -/* Prior to Mac OS X 10.7, SOL_LOCAL was not defined and users were >> - * expected to supply 0 as the second value for getsockopt() when using >> - * LOCAL_PEERCRED >> - */ >> -# define VIR_SOL_PEERCRED 0 >> -# endif >> + >> +/* Mac OS X 10.8 provides SOL_LOCAL for LOCAL_PEERCRED */ >> +# ifdef SOL_LOCAL >> +# define VIR_SOL_PEERCRED SOL_LOCAL >> # else >> -# define VIR_SOL_PEERCRED SOL_SOCKET >> +/* FreeBSD and Mac OS X prior to 10.7, SOL_LOCAL is not defined and >> + * users are expected to supply 0 as the second value for getsockopt() >> + * when using LOCAL_PEERCRED. NB SOL_SOCKET cannot be used instead >> + * of SOL_LOCAL >> + */ >> +# define VIR_SOL_PEERCRED 0 >> # endif >> >> int virNetSocketGetUNIXIdentity(virNetSocketPtr sock, >> -- >> 1.8.4 >>

Confirmed this through a visual code inspection of the FreeBSD 9.2
kernel. I also tested the patch through make check on FreeBSD 9.2 and
Linux (though make check does not exercise the issue at hand). I
believe it's reasonable to push this for 1.1.4 so I'll go ahead and
push it now.

--
Doug Goldstein

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
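
Review bot: In the new `# else` branch, `VIR_SOL_PEERCRED` becomes 0 on every platform that does not define SOL_LOCAL, while its comment names only FreeBSD and Mac OS X prior to 10.7. The enclosing preprocessor guard is not visible in this hunk, so please confirm that this block is compiled only where LOCAL_PEERCRED exists, or say so in the comment, since the removed `SOL_SOCKET` fallback previously covered all non-Apple builds. The two new comments also disagree on versions: one says Mac OS X 10.8 provides SOL_LOCAL and the other says it is not defined prior to 10.7, which leaves 10.7 itself unstated; wording both around the same version boundary would avoid that.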