[libvir] [PATCH] Bad permissions on /var/run/libvirt/
Anton Protopopov
aspsk2 at gmail.com
Mon Apr 14 15:37:56 UTC 2008
Hi,
Non-root can't use /var/run/libvirt/libvirt-sock even in the case
"unix_sock_group" and "unix_sock_rw_perms" are set properly.
The reason:
# ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
drwx------ 2 root root 4096 Apr 14 19:14 libvirt
srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro
i.e., bad permissions on /var/run/libvirt
One possible solution (implied in the attached patch) is the following:
Every time libvirtd starts
* it implicitly sets the group id of /var/run/libvirt:
chown(/var/run/libvirt, -1, unix_sock_gid).
* if "unix_sock_group" defined in /etc/libvirt/libvirtd.conf, libvirtd does
chmod g+x /var/run/libvirt
otherwise,
chmod g-x /var/run/libvirt
A.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20080414/79465704/attachment-0001.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix_libvir_qemud_bad_permissions.patch
Type: application/octet-stream
Size: 1425 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20080414/79465704/attachment-0001.obj>
More information about the libvir-list
mailing list