[libvirt] qemu driver: initgroups after fork
Laine Stump
laine at laine.org
Sun Dec 19 18:56:02 UTC 2010
On 12/19/2010 08:17 AM, Dan Kenigsberg wrote:
> Hi,
>
> I might be wrong here, but it seems that when libvirt spawns a new qemu process,
> it sets its uid and gid (qemu:qemu by default) but does not call initgroups(),
> so the spawned qemu cannot read files that are owned by qemu auxiliary groups.
>
> Am I right? How difficult is the fix?
You are correct that initgroups isn't called.
It looks like it could be fixed with a call to initgroups in
qemu_security.c:qemuSecurityDACSetProcessLabel(), but I would defer to
Dan Berrange as to whether that's the best place to put it.
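
An added example, not part of the original message and not libvirt's code: a minimal C sketch of the privilege drop the thread discusses, with the initgroups() call placed before setgid()/setuid() in the forked child. The helper names `account_groups` and `drop_to_user` are hypothetical; "qemu" is the account named in the thread.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes initgroups() and getgrouplist() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Groups the account database assigns to `user`, primary gid included.
 * Returns the count, or -1 if they do not fit in `max` entries. */
int account_groups(const char *user, gid_t primary, gid_t *out, int max)
{
    int n = max;
    return getgrouplist(user, primary, out, &n) < 0 ? -1 : n;
}

/* Hypothetical helper: call in the forked child before exec().
 * initgroups() and setgid() need root, so both must precede setuid(). */
int drop_to_user(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    /* Replace the supplementary groups inherited from the parent with the
     * account's own: the call the thread reports as missing. */
    if (initgroups(pw->pw_name, pw->pw_gid) < 0)
        return -1;
    if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0)
        return -1;
    /* A non-root target must not be able to regain uid 0. */
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "qemu"; /* account from the thread */
    struct passwd *pw = getpwnam(user);
    gid_t want[64], have[64];
    int w = pw ? account_groups(user, pw->pw_gid, want, 64) : -1;
    if (drop_to_user(user) < 0) {
        fprintf(stderr, "could not drop privileges to %s\n", user);
        return 1;
    }
    /* getgroups() may omit the effective gid, so counts can differ by one. */
    printf("account lists %d group(s), process holds %d\n", w, getgroups(64, have));
    return 0;
}
```

Run as root, it prints how many groups the account database lists for the account next to how many the process holds after the drop.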