[libvirt] Fwd: libvirtd failing on MacOS in setgroups
Bruno Haible
bruno at clisp.org
Mon Sep 30 12:06:07 UTC 2019
Daniel P. Berrangé wrote:
> > > FWIW I compiled libvirt without the setgroups code on Mac and it
> > > worked as expected. Not sure what the implications of that are though?
> >
> > OK, then the fix would be to not use setgroups on Mac, and nothing to do
> > in gnulib. Right?
>
> Not calling setgroups means the QEMU process doesn't run with any of
> the supplementary groups associated with its user account, so this is
> not really a working solution. It re-introduces the bug that the
> setgroups call was added to fix.
For what purpose is libvirt or QEMU using setgroups()? What goes wrong if
setgroups() fails?
The problem is that the Darwin kernel does not support setting more than
NGROUPS_MAX (= 16) groups. So
- What happens when you have a user account which is in more than 16
groups? What do other processes do in this sitation?
- Is using the first 16 groups and ignoring the extra ones an acceptable
solution?
Bruno
More information about the libvir-list
mailing list