On 3/9/19 1:14 PM, Peter Crowther wrote:
Use a tiny setuid C program that reads the relevant file and writes it to a known UNIX-domain socket that has more liberal permissions?
Indeed this is a possibility, but I was hoping for a cleaner solution that fit in with libvirt's existing authentication mechanisms. > I wouldn't expect this to end up being supported in libvirt, > though there's nothing to stop you creating your own patched version. That's a shame, but it's certainly not the end of the world. I may end up running my daemon as root, forking before dropping privileges, and using the child to open the files and pass them to the parent using SCM_RIGHTS or something. Thanks, Shawn _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
