[libvir] [PATCH] Bad permissions on /var/run/libvirt/

Daniel Veillard veillard at redhat.com
Thu Apr 17 16:08:06 UTC 2008


On Mon, Apr 14, 2008 at 07:37:56PM +0400, Anton Protopopov wrote:
> Hi,
> 
> Non-root can't use /var/run/libvirt/libvirt-sock even in the case
> "unix_sock_group" and "unix_sock_rw_perms" are set properly.
> 
> The reason:
>    # ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
>    drwx------ 2 root root   4096 Apr 14 19:14 libvirt
>    srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
>    srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro
> 
> i.e., bad permissions on /var/run/libvirt

  Hum, how did you get this? Maybe this is more of a packaging problem than
anything else; I have this here:

[root@paphio ~]# rpm -qf /var/run/libvirt
libvirt-0.4.1-3.fc8
[root@paphio ~]# rpm -V libvirt
[root@paphio ~]# ls -ld /var/run/libvirt
drwxr-xr-x 2 root root 4096 2008-04-04 18:00 /var/run/libvirt
[root@paphio ~]# ls -l /var/run/libvirt
total 0
srwxrwxrwx 1 root root 0 2008-03-29 14:56 libvirt-sock
srwxrwxrwx 1 root root 0 2008-03-29 14:56 libvirt-sock-ro
[root@paphio ~]#

> One possible solution (implied in the attached patch) is the following:
> 
> Every time libvirtd starts
> * it implicitly sets the group id of /var/run/libvirt:
>         chown(/var/run/libvirt, -1, unix_sock_gid).
> * if "unix_sock_group" is defined in /etc/libvirt/libvirtd.conf, libvirtd does
>          chmod g+x /var/run/libvirt
>    otherwise,
>          chmod g-x /var/run/libvirt

  I don't know, that's doable too, but if there is a packaging problem
maybe it's good to have it fixed instead of changing permissions at
runtime. But the configuration data should override this, that's true.
What do others think?

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
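
The access check behind this thread, as an added example that is not part of the original messages or of libvirt's code: it models why a 0700 root:root directory blocks a group member even though the socket is group-writable, and what the proposed chown/chmod step changes. The uid/gid numbers and the names `perm`, `allowed`, `can_connect` and `proposed_fix` are assumptions for illustration; supplementary groups and parent directories above /var/run/libvirt are not modelled.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Owner, group and permission bits of one filesystem object. */
struct perm { uid_t uid; gid_t gid; mode_t mode; };

/* Classic UNIX check: exactly one of the owner/group/other triplets applies. */
static bool allowed(struct perm p, uid_t uid, gid_t gid, mode_t want)
{
    if (uid == 0) return true;                   /* root bypasses mode bits */
    mode_t bits = (uid == p.uid) ? (p.mode >> 6)
                : (gid == p.gid) ? (p.mode >> 3)
                : p.mode;
    return (bits & want) == want;
}

/* On Linux, connect() to a pathname socket needs search (x) on the
 * containing directory and write (w) on the socket itself. */
static bool can_connect(struct perm dir, struct perm sock, uid_t uid, gid_t gid)
{
    return allowed(dir, uid, gid, 1) && allowed(sock, uid, gid, 2);
}

/* The startup step proposed in the thread: chown(dir, -1, unix_sock_gid),
 * then chmod g+x if unix_sock_group is configured, g-x otherwise. */
static struct perm proposed_fix(struct perm dir, gid_t sock_gid, bool group_set)
{
    dir.gid = sock_gid;
    dir.mode = group_set ? (dir.mode | S_IXGRP) : (dir.mode & ~S_IXGRP);
    return dir;
}

int main(void)
{
    const gid_t LIBVIRT_GID = 1001;              /* assumed gid of "libvirt" */
    const uid_t USER_UID = 1000;                 /* assumed non-root member */
    struct perm dir  = { 0, 0, 0700 };           /* drwx------ root root */
    struct perm sock = { 0, LIBVIRT_GID, 0770 }; /* srwxrwx--- root libvirt */

    printf("as reported: %d\n", can_connect(dir, sock, USER_UID, LIBVIRT_GID));
    dir = proposed_fix(dir, LIBVIRT_GID, true);
    printf("after fix:   %d (dir mode %04o)\n",
           can_connect(dir, sock, USER_UID, LIBVIRT_GID), (unsigned)dir.mode);
    return 0;
}
```

With the fix applied the directory becomes 0710 root:libvirt, so group members can reach the socket while users outside the group still fail at the directory.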



