[libvirt] Using unix domain sockets with serial devices

Chris Lalancette clalancette at gmail.com
Wed Jul 10 02:12:59 UTC 2013


Hello,
     The Oz automated install program (http://github.com/clalancette/oz)
uses a serial device inside a guest to communicate the guest IP address to
a listener on the host; once the host has the IP address, other
customization steps can take place.
     This serial device in the guest is currently backed by a TCP socket on
the host.  I use the following libvirt XML snippet to set this up:

<serial type="tcp">
  <source mode="bind" host="127.0.0.1" service="9412"/>
  <protocol type="raw"/>
  <target port="1"/>
</serial>

DanB points out that this is probably insecure, and we should use named
pipes or Unix domain sockets instead.  I was able to implement Unix domain
sockets with a few minor changes to Oz, but I'm running into a permissions
problem.
    Essentially, the problem is that when you run Oz as a regular, non-root
user, there is no convenient place on the filesystem where both the qemu
user can read and write the socket, and where the user that is running Oz
can read the socket.  I've tried using /var/lib/libvirt/qemu/*.port, but
that directory is 0650, so the regular user has no permission to it.
Similarly, the qemu user may not have permission to read the user's home
directory, so I can't really put it there either.
    Does anyone have any ideas of what I might do here?  I'm open to
changing to any of Unix domain sockets, pipes, UDP sockets, or whatever,
but it has to work for both root and non-root users.

Thanks in advance,
Chris
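
An added example, not part of the original message and not code from Oz or libvirt: a Python check that walks a candidate socket path and reports the first directory or socket whose mode bits stop a given user, which is the condition the message describes for both the qemu user and the user running Oz. The uids, gids, paths and modes in SAMPLE are constructed, the function names are hypothetical, and only classic owner/group/other bits are modelled (no ACLs or SELinux labels).

```python
import os
from collections import namedtuple

Entry = namedtuple("Entry", "st_uid st_gid st_mode")  # stand-in for os.stat_result

def allowed(st, uid, gids, want):
    """Owner/group/other mode-bit check; want is a mask of r=4, w=2, x=1."""
    if uid == 0:
        return True  # root is not stopped by directory/socket mode bits
    if st.st_uid == uid:
        bits = st.st_mode >> 6
    elif st.st_gid in gids:
        bits = st.st_mode >> 3
    else:
        bits = st.st_mode
    return bits & want == want

def first_blocker(path, uid, gids, stat_fn=os.stat):
    """Return (component, reason) for the first component that stops uid, else None.

    path must be absolute. Every ancestor directory needs search (x) permission,
    and the socket itself needs read+write for a client to connect and talk.
    """
    dirs, d = [], os.path.dirname(path)
    while d not in dirs:          # dirname("/") == "/", so this ends at the root
        dirs.append(d)
        d = os.path.dirname(d)
    for d in reversed(dirs):
        if not allowed(stat_fn(d), uid, gids, 1):
            return (d, "no search (x) permission on directory")
    if not allowed(stat_fn(path), uid, gids, 6):
        return (path, "no read+write permission on socket")
    return None

# Constructed layout: uids/gids, paths and modes are illustrative, not read from a host.
QEMU, OZ = (107, {107}), (1000, {1000})
SAMPLE = {
    "/": Entry(0, 0, 0o755), "/var": Entry(0, 0, 0o755),
    "/var/lib": Entry(0, 0, 0o755), "/var/lib/libvirt": Entry(0, 0, 0o755),
    "/var/lib/libvirt/qemu": Entry(107, 107, 0o750),
    "/var/lib/libvirt/qemu/oz.port": Entry(107, 107, 0o660),
    "/home": Entry(0, 0, 0o755), "/home/oz": Entry(1000, 1000, 0o700),
    "/home/oz/oz.port": Entry(1000, 1000, 0o666),
}

if __name__ == "__main__":
    for sock in ("/var/lib/libvirt/qemu/oz.port", "/home/oz/oz.port"):
        for name, (uid, gids) in (("qemu", QEMU), ("oz", OZ)):
            print(sock, name, first_blocker(sock, uid, gids, SAMPLE.__getitem__))
```

Called with the default stat_fn, first_blocker reads the real filesystem, so it can be run against a candidate directory before pointing the serial device at it.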