[libvirt] [patch] make libvirt run dir accessible for applications

Eric Blake eblake at redhat.com
Mon Jun 4 19:34:42 UTC 2012


On 06/04/2012 01:16 PM, Eric Blake wrote:
> On 06/04/2012 06:56 AM, Royce Lv wrote:
>> vdsm failed to connect to libvirt because it can't access
>> /var/run/libvirt, caused by libvirt creating this dir with umask(077).
>> Change the create umask to 022:
>> https://bugzilla.redhat.com/show_bug.cgi?id=828073
>>
>> Signed-off-by: lvroyce <lvroyce at linux.vnet.ibm.com>
>> ---
>>  daemon/libvirtd.c |    2 +-
>>  1 files changed, 1 insertions(+), 1 deletions(-)
>>
>> diff --git a/daemon/libvirtd.c b/daemon/libvirtd.c
>> index c74cd43..6095072 100644
>> --- a/daemon/libvirtd.c
>> +++ b/daemon/libvirtd.c
>> @@ -293,7 +293,7 @@ daemonUnixSocketPaths(struct daemonConfig *config,
>>              if (!(rundir = virGetUserRuntimeDirectory()))
>>                  goto error;
>>
>> -            old_umask = umask(077);
>> +            old_umask = umask(022);
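
Review bot: The umask(022) line directly follows rundir = virGetUserRuntimeDirectory(), but the commit message names /var/run/libvirt as the directory vdsm cannot reach; please state in the commit message which directory is actually created under this umask and why group and world read/search access to it is safe. If only the directory itself needs to be traversable, consider keeping umask(077) and setting that directory's mode explicitly, so that anything else created while this umask is in effect is not loosened as well.
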
> 
> Are you sure there are no other reasons to restrict group and world
> read/search access to this directory?  Opening up the permissions may be
> the right fix, but I'd feel more comfortable if we had more
> justification in the commit message describing why we are not
> introducing a security breach by adding more access.

Food for thought when answering this question.  Right now, on my F17
box, I see:

# ll /var/run/libvirt
total 0
srwxrwxrwx. 1 root root  0 Jun  4 05:24 libvirt-sock
srwxrwxrwx. 1 root root  0 Jun  4 05:24 libvirt-sock-ro
drwxr-xr-x. 2 root root 40 Jun  4 05:24 libxl
drwxr-xr-x. 2 root root 60 Jun  4 05:24 network
drwxr-xr-x. 2 root root 80 Jun  4 13:18 qemu
drwxr-xr-x. 2 root root 40 Jun  4 05:24 uml-guest

but then I see this in libvirt.spec.in:

%ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/

Why is the qemu listed as 755 on my file system, but 700 in the spec
file?  We've definitely got some explaining to do.

-- 
Eric Blake   eblake at redhat.com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org
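
The spec-versus-disk mismatch raised above can be checked mechanically. The following is an added example, not part of the original message and not libvirt code: it parses %attr entries from spec text and reports paths whose on-disk mode differs. The function names are hypothetical, the value /var for %{_localstatedir} is an assumption, and the sample directory is constructed in a temporary tree.

```python
import os
import re
import stat
import tempfile

# Spec entries look like: %ghost %dir %attr(0700, root, root) <path>
ATTR_RE = re.compile(r"%attr\(\s*([0-7]{3,4})\s*,[^)]*\)\s+(\S+)")

def parse_spec_modes(spec_text, macros):
    """Return {path: expected_mode} for each %attr entry with an octal mode."""
    expected = {}
    for line in spec_text.splitlines():
        m = ATTR_RE.search(line)
        if not m:
            continue
        path = m.group(2)
        for name, value in macros.items():  # expand %{name} macros
            path = path.replace("%{" + name + "}", value)
        expected[path.rstrip("/") or "/"] = int(m.group(1), 8)
    return expected

def find_mode_drift(expected, root="/"):
    """Return [(path, spec_mode, disk_mode)]; disk_mode is None if missing."""
    drift = []
    for path, want in sorted(expected.items()):
        full = os.path.join(root, path.lstrip("/"))
        try:
            have = stat.S_IMODE(os.lstat(full).st_mode)
        except FileNotFoundError:
            have = None
        if have != want:
            drift.append((path, want, have))
    return drift

def demo():
    """Constructed sample: a 0755 directory where the spec line says 0700."""
    spec = "%ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/\n"
    # Assumption: %{_localstatedir} expands to /var on this system.
    expected = parse_spec_modes(spec, {"_localstatedir": "/var"})
    with tempfile.TemporaryDirectory() as root:
        qemu = os.path.join(root, "var/run/libvirt/qemu")
        os.makedirs(qemu)
        os.chmod(qemu, 0o755)
        return find_mode_drift(expected, root)

if __name__ == "__main__":
    print(demo())
```

On a real host, pass the contents of the spec file and leave root at "/" to list every directory that is more (or less) open than the package declares.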
