[libvirt] [patch] make libvirt run dir accessible for applications

Eric Blake eblake at redhat.com
Mon Jun 4 19:16:37 UTC 2012


On 06/04/2012 06:56 AM, Royce Lv wrote:
> vdsm failed to connect to libvirt because it can't access
> /var/run/libvirt, caused by libvirt creating this dir with umask(077).
> Change the create umask to 022:
> https://bugzilla.redhat.com/show_bug.cgi?id=828073
> 
> Signed-off-by: lvroyce <lvroyce at linux.vnet.ibm.com>
> ---
>  daemon/libvirtd.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
> index c74cd43..6095072 100644
> --- a/daemon/libvirtd.c
> +++ b/daemon/libvirtd.c
> @@ -293,7 +293,7 @@ daemonUnixSocketPaths(struct daemonConfig *config,
>              if (!(rundir = virGetUserRuntimeDirectory()))
>                  goto error;
> 
> -            old_umask = umask(077);
> +            old_umask = umask(022);
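
Review bot: The directory affected by `umask(022)` here is the one returned by `virGetUserRuntimeDirectory()`, while the commit message describes a failure to access /var/run/libvirt, so please confirm this branch is the one that creates the directory vdsm cannot reach. A umask change also applies to everything created until `old_umask` is restored, not only to the run directory, so the commit message should list what gets created in that window and why group and world read/search access to it is acceptable. If only the directory needs wider access, setting its mode explicitly after creation would be narrower than relaxing the umask.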

Are you sure there are no other reasons to restrict group and world
read/search access to this directory?  Opening up the permissions may be
the right fix, but I'd feel more comfortable if we had more
justification in the commit message describing why we are not
introducing a security breach by adding more access.

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
