[libvirt] [PATCH RFC] qemu: caps: Don't try to ask for CAP_DAC_OVERRIDE if non-root
Erik Skultety
eskultet at redhat.com
Mon Feb 4 15:55:08 UTC 2019
On Mon, Feb 04, 2019 at 04:26:02PM +0100, Peter Krempa wrote:
> It will not work. This breaks qemu capabilities probing as a user.
> ---
> src/qemu/qemu_capabilities.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/qemu/qemu_capabilities.c b/src/qemu/qemu_capabilities.c
> index 7ed5f94803..81ef0357e7 100644
> --- a/src/qemu/qemu_capabilities.c
> +++ b/src/qemu/qemu_capabilities.c
> @@ -4524,7 +4524,8 @@ virQEMUCapsInitQMPCommandRun(virQEMUCapsInitQMPCommandPtr cmd,
> #if WITH_CAPNG
> /* QEMU might run into permission issues, e.g. /dev/sev (0600), override
> * them just for the purpose of probing */
> - virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
> + if (geteuid() == 0)
> + virCommandAllowCap(cmd->cmd, CAP_DAC_OVERRIDE);
This should be enough of a fix with the current code base as it won't clash with
the other two CAP_SYS_RAWIO and CAP_NET_ADMIN which should still fail when used
with the session daemon as expected.
Reviewed-by: Erik Skultety <eskultet at redhat.com>
More information about the libvir-list
mailing list