[libvirt] [PATCHv2 13/15] util: virSetUIDGIDWithCaps - change uid while keeping caps

[Laine Stump]

On 02/18/2013 10:09 AM, Guido Günther wrote:
> On Sat, Feb 16, 2013 at 05:53:05PM -0500, Laine Stump wrote:
>> On 02/16/2013 12:20 AM, Doug Goldstein wrote:
>>> The following error bisect's down to this commit when running out of
>>> my local checkout for testing.
>>>
>>> 2013-02-16 05:16:55.102+0000: 29992: error : virCommandWait:2270 :
>>> internal error Child process (LC_ALL=C
>>> LD_LIBRARY_PATH=/home/cardoe/work/libvirt/src/.libs
>>> PATH=/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/4.6.3:/usr/games/bin
>>> HOME=/home/cardoe USER=cardoe LOGNAME=cardoe /usr/bin/qemu-kvm -help)
>>> unexpected exit status 1: libvir:  error : internal error cannot apply
>>> process capabilities -1
>>>
>> Ugh. Can you manage to get that trapped in gdb and find out the value of
>> uid, gid, and capBits, as well as whether it is failing on the first
>> call to capng_apply() or the second (they both have the same error
>> messsage. (Whatever happened to the function name/line number that used
>> to be logged with the error messages?) I wonder if perhaps on debian
>> it's failing the capng_apply() call that happens after the uid is changed...
> It's uid = 0, gid = 0 (as can be seen when running with LIBVIRT_DEBUG=1)
> . See 20130217173308.GA11314 at bogon.sigxcpu.org for a proposed fix.

Ah, good. I see that one now (after searching through my google apps
spam folder.. grumble grumble.) I was suspicious there might be some
fallout due to no longer treating uid=0 as "ignore/don't change", but
didn't think to try session mode libvirtd. Thanks for figuring it out.