[libvir] [PATCH] Bad permissions on /var/run/libvirt/

Anton Protopopov aspsk2 at gmail.com
Mon Apr 14 15:37:56 UTC 2008


Non-root can't use /var/run/libvirt/libvirt-sock even in the case
"unix_sock_group" and "unix_sock_rw_perms" are set properly.

The reason:
   # ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
   drwx------ 2 root root   4096 Apr 14 19:14 libvirt
   srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
   srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro

i.e., bad permissions on /var/run/libvirt

One possible solution (implied in the attached patch) is the following:

Every time libvirtd starts
* it implicitly sets the group id of /var/run/libvirt:
        chown(/var/run/libvirt, -1, unix_sock_gid).
* if "unix_sock_group" defined in /etc/libvirt/libvirtd.conf, libvirtd does
         chmod g+x /var/run/libvirt
         chmod g-x /var/run/libvirt

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20080414/79465704/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_libvir_qemud_bad_permissions.patch
Type: application/octet-stream
Size: 1425 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20080414/79465704/attachment-0001.obj>

More information about the libvir-list mailing list