On 11/01/2013 12:49 PM, Giuseppe Scrivano wrote:
> There are no reasons to expose cache files to everyone so restrict the
> access to the owner.
>
> Signed-off-by: Giuseppe Scrivano <gscrivan@xxxxxxxxxx>
> ---
> virtManager/connection.py | 2 +-
> virtManager/domain.py | 2 +-
> virtinst/cli.py | 2 +-
> virtinst/distroinstaller.py | 2 +-
> virtinst/urlfetcher.py | 2 +-
> virtinst/util.py | 2 +-
> 6 files changed, 6 insertions(+), 6 deletions(-)
>

With old enough libvirt, where vol upload isn't available, virt-manager will download kernel/initrd to the cache dir, and the launched qemu process needs to access them in place. virt-manager already has some logic to ask the user if we can fix these permissions which might do the job here, but I wouldn't want to apply this patch until its explicitly tested. Easiest is just to leave it as is. Thanks, Cole

> diff --git a/virtManager/connection.py b/virtManager/connection.py
> index 313f680..d93fcb2 100644
> --- a/virtManager/connection.py
> +++ b/virtManager/connection.py
> @@ -316,7 +316,7 @@ class vmmConnection(vmmGObject):
> uri = self.get_uri().replace("/", "_")
> ret = os.path.join(util.get_cache_dir(), uri)
> if not os.path.exists(ret):
> - os.makedirs(ret, 0755)
> + os.makedirs(ret, 0700)
> return ret
>
> def get_default_storage_format(self):
> diff --git a/virtManager/domain.py b/virtManager/domain.py
> index b8324d5..bb93166 100644
> --- a/virtManager/domain.py
> +++ b/virtManager/domain.py
> @@ -1649,7 +1649,7 @@ class vmmDomain(vmmLibvirtObject):
> def get_cache_dir(self):
> ret = os.path.join(self.conn.get_cache_dir(), self.get_uuid())
> if not os.path.exists(ret):
> - os.makedirs(ret, 0755)
> + os.makedirs(ret, 0700)
> return ret
>
>
> diff --git a/virtinst/cli.py b/virtinst/cli.py
> index a2add57..e660a5e 100644
> --- a/virtinst/cli.py
> +++ b/virtinst/cli.py
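Review bot: The 0700 mode in the connection.py hunk only applies when the directory is first created, because `os.makedirs(ret, 0700)` sits behind `if not os.path.exists(ret):`. A cache directory left over from an earlier run keeps whatever bits it was created with (0755 before this patch), so the restriction in the commit message does not reach existing installs. If that is the intent, the already-exists path needs its own handling, for example an explicit `os.chmod(ret, 0700)` or a mode check that warns. The same create-only pattern is in the domain.py, urlfetcher.py and util.py hunks; the enclosing method here begins outside the hunk.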
> @@ -155,7 +155,7 @@ def setupLogging(appname, debug_stdout, do_quiet, cli_app=True):
> raise RuntimeError("No write access to directory %s" % vi_dir)
>
> try:
> - os.makedirs(vi_dir, 0751)
> + os.makedirs(vi_dir, 0700)
> except IOError, e:
> raise RuntimeError("Could not create directory %s: %s" %
> (vi_dir, e))
> diff --git a/virtinst/distroinstaller.py b/virtinst/distroinstaller.py
> index 7acabd1..2cd041e 100644
> --- a/virtinst/distroinstaller.py
> +++ b/virtinst/distroinstaller.py
> @@ -227,7 +227,7 @@ def _perform_initrd_injections(initrd, injections, scratchdir):
> return
>
> tempdir = tempfile.mkdtemp(dir=scratchdir)
> - os.chmod(tempdir, 0775)
> + os.chmod(tempdir, 0700)
>
> for filename in injections:
> logging.debug("Copying %s to the initrd.", filename)
> diff --git a/virtinst/urlfetcher.py b/virtinst/urlfetcher.py
> index a31d7de..5a1d4eb 100644
> --- a/virtinst/urlfetcher.py
> +++ b/virtinst/urlfetcher.py
> @@ -62,7 +62,7 @@ class _ImageFetcher(object):
>
> def saveTemp(self, fileobj, prefix):
> if not os.path.exists(self.scratchdir):
> - os.makedirs(self.scratchdir, 0750)
> + os.makedirs(self.scratchdir, 0700)
> (fd, fn) = tempfile.mkstemp(prefix="virtinst-" + prefix,
> dir=self.scratchdir)
> block_size = 16384
> diff --git a/virtinst/util.py b/virtinst/util.py
> index f79192e..5bcfbe0 100644
> --- a/virtinst/util.py
> +++ b/virtinst/util.py
> @@ -494,7 +494,7 @@ def make_scratchdir(conn, hvtype):
> not os.access(scratch, os.W_OK)):
> scratch = os.path.join(get_cache_dir(), "boot")
> if not os.path.exists(scratch):
> - os.makedirs(scratch, 0751)
> + os.makedirs(scratch, 0700)
>
> return scratch
>
>
_______________________________________________ virt-tools-list mailing list virt-tools-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/virt-tools-list
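Review bot: In the cli.py hunk the `except IOError, e:` clause does not catch a failed `os.makedirs(vi_dir, 0700)`, because `os.makedirs` raises `OSError`, which in Python 2 is a sibling of `IOError` rather than a subclass. A creation failure therefore propagates as a raw `OSError` instead of the intended `RuntimeError("Could not create directory ...")`. The handler should read `except (IOError, OSError), e:`. setupLogging's body starts and continues outside the hunk.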
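Review bot: In the distroinstaller.py hunk `os.chmod(tempdir, 0700)` is now redundant, since `tempfile.mkdtemp` already creates the directory readable, writable and searchable only by the creating user. The line can be deleted rather than changed. If it is kept as a deliberate safeguard, a short comment such as `# mkdtemp already gives 0700; kept to make the intent explicit` would stop a later reader from assuming the mode still needs adjusting. _perform_initrd_injections continues past the end of the hunk, so how the files placed in `tempdir` are used afterwards is not visible here.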