[libvirt] [PATCH] spec: Fix permissions of /var/run/libvirt/qemu

[Martin Kletzander]

On Thu, May 23, 2019 at 03:07:05PM +0200, Jiri Denemark wrote:
>While libvirtd creates this directory with the default 0755 mode, the
>spec file stores 0700 in the RPM database. Thus RPM verification always
>complains about this directory. Let's fix the spec file to match
>reality.
>
>Signed-off-by: Jiri Denemark <jdenemar at redhat.com>
>---
>
>Notes:
>    Alternatively, we could change libvirt to create the directory with
>    0700 (instead of 0755), but all other drivers use 0755 (both in
>    reality and in the spec file) and 0700 wouldn't really enhance
>    security anyway.
>

It would also not work because domains would not be able to get to any file in
there (like qemu agent socket, etc.)

Reviewed-by: Martin Kletzander <mkletzan at redhat.com>

> libvirt.spec.in | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
>diff --git a/libvirt.spec.in b/libvirt.spec.in
>index 970d2742ac..dc69920d75 100644
>--- a/libvirt.spec.in
>+++ b/libvirt.spec.in
>@@ -1661,7 +1661,7 @@ exit 0
> %config(noreplace) %{_sysconfdir}/libvirt/qemu.conf
> %config(noreplace) %{_sysconfdir}/libvirt/qemu-lockd.conf
> %config(noreplace) %{_sysconfdir}/logrotate.d/libvirtd.qemu
>-%ghost %dir %attr(0700, root, root) %{_localstatedir}/run/libvirt/qemu/
>+%ghost %dir %{_localstatedir}/run/libvirt/qemu/
> %dir %attr(0751, %{qemu_user}, %{qemu_group}) %{_localstatedir}/lib/libvirt/qemu/
> %dir %attr(0750, %{qemu_user}, %{qemu_group}) %{_localstatedir}/cache/libvirt/qemu/
> %{_datadir}/augeas/lenses/libvirtd_qemu.aug
>-- 
>2.21.0
>
>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20190524/4af6f158/attachment-0001.sig>