[libvirt] QMP Capability Detection Issues with GIT version of QEMU

[Daniel P. Berrange]

On Thu, Nov 22, 2012 at 05:41:30PM +0100, Viktor Mihajlovski wrote:
> I ran into trouble today trying to use the GIT level of QEMU.
> 
> In a nutshell: the capability detection with QMP is failing
> and the fallback using -help isn't working with the GIT level
> probably due to help text reformatting.
> 
> The failure reason is that QEMU cannot bind to the
> QMP monitor socket in the /var/lib/libvirt/qemu directory.
> That's because the child process is stripped of all
> capabilities and this directory is chown'ed to qemu:qemu
> by the QEMU driver.
> 
> Note that this is failing with the release QEMU as well,
> with the difference that the fallback is working there.
> 
> I am willing to provide a patch, however I'd like
> to get feedback on the approach to use:
> 
> 1. Add back Linux capabilities CAP_DAC_OVERRIDE,
>    CAP_DAC_READ_SEARCH to allow QEMU to bind to
>    the monitor socket.
>    This seems to be hacky/dodging the problem.
> 
> 2. Use a separate directory for the QMP probing
>    instance of QEMU.
> 
> 3. Run the QMP QEMU under the configured qemu
>    user. This would be my favorite.

Yep, this seems like the right thing todo.

/me tries to understand why I didn't see this problem myself.

Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|