[libvirt] PATCH: Fix permissions problem starting QEMU

Mark McLoughlin markmc at redhat.com
Fri Jul 31 08:51:26 UTC 2009


On Fri, 2009-07-31 at 09:41 +0100, Daniel P. Berrange wrote:
> On Fri, Jul 31, 2009 at 09:28:37AM +0100, Mark McLoughlin wrote:
> > On Thu, 2009-07-30 at 15:00 +0100, Daniel P. Berrange wrote:
> > > There is a minor bug when running QEMU non-root, and having
> > > capng enabled. libvirt is unable to write the PID file in
> > > /var/run/libvirt/qemu, since it's now owned by 'qemu', but
> > > libvirtd has dropped all capabilities at this point. The fix
> > > is to delay dropping capabilities until after the PID file
> > > has been created. We should also be sure to kill the child
> > > if writing the PID file fails
> > 
> > I haven't looked into it much yet, but don't we need to open up the
> > permissions on /var/lib/libvirt/images now? At least from 700 to 711 so
> > qemu can open images?
> 
> Hmm, that's a good point, we definitely need to do that. 711 should be
> good because that lets us chmod the individual images to allow QEMU
> user to open them, while not allowing people to list the contents of
> the directory

Okay, committing this.

Cheers,
Mark.

From: Mark McLoughlin <markmc at redhat.com>
Subject: [PATCH] Set perms on /var/lib/libvirt/images to 0711

Allow qemu user to open images in this dir, but still prevent others
from listing it.

* libvirt.spec.in: set /var/lib/libvirt/images perms to 0711
---
 libvirt.spec.in |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/libvirt.spec.in b/libvirt.spec.in
index c295629..fdc2210 100644
--- a/libvirt.spec.in
+++ b/libvirt.spec.in
@@ -489,7 +489,7 @@ fi
 %dir %{_localstatedir}/run/libvirt/
 
 %dir %{_localstatedir}/lib/libvirt/
-%dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/images/
+%dir %attr(0711, root, root) %{_localstatedir}/lib/libvirt/images/
 %dir %attr(0700, root, root) %{_localstatedir}/lib/libvirt/boot/
 %dir %attr(0700, root, root) %{_localstatedir}/cache/libvirt/
 
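Review bot: on the changed `images/` line, mode 0711 grants traverse to every local account, not only to qemu, so any image file whose own mode allows "other" access can now be opened by anyone who knows or guesses its name. The directory stays `root, root`, and nothing in this hunk sets ownership or mode on the images themselves, so the commit message should state that each image must be chowned or chmodded for the qemu user and must not be world-readable. The `boot/` line just below stays at 0700; if a non-root QEMU also has to open files there, it needs the same treatment or a comment explaining why it does not.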
-- 
1.6.2.5
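The 0711 behaviour discussed in this thread can be checked with a small audit, shown here as an added example that is not part of the original mail or of libvirt. The function names `audit_image_dir` and `demo` and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_image_dir(path):
    """Check a directory meant to be traversable but not listable (0711)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append(f"dir listable by non-owner ({mode:04o})")
    if not mode & stat.S_IXOTH:
        findings.append(f"dir not traversable by others ({mode:04o})")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"dir writable by non-owner ({mode:04o})")
    # Execute-only directories hide names, not contents: a file whose own
    # mode grants access to "other" can be opened by anyone who knows its name.
    for name in sorted(os.listdir(path)):
        fmode = stat.S_IMODE(os.lstat(os.path.join(path, name)).st_mode)
        if fmode & (stat.S_IROTH | stat.S_IWOTH):
            findings.append(f"{name} open to others by name ({fmode:04o})")
    return findings


def demo(dir_mode=0o711):
    """Build a constructed sample directory and audit it."""
    with tempfile.TemporaryDirectory() as d:
        for name, fmode in (("guest1.img", 0o600), ("guest2.img", 0o644)):
            full = os.path.join(d, name)
            with open(full, "wb") as f:
                f.write(b"\0" * 16)
            os.chmod(full, fmode)
        os.chmod(d, dir_mode)
        result = audit_image_dir(d)
        os.chmod(d, 0o700)  # restore so cleanup can remove the files
        return result


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Run against the real directory, `audit_image_dir` has to be executed by an account that can list it, which under 0711 means the owner.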




