Re: [libvir] [PATCH] Bad permissions on /var/run/libvirt/

Mon, 21 Apr 2008 02:06:27 -0700 

2008/4/17, Daniel Veillard <[EMAIL PROTECTED]>:
>
> On Mon, Apr 14, 2008 at 07:37:56PM +0400, Anton Protopopov wrote:
> > Hi,
> >
> > Non-root can't use /var/run/libvirt/libvirt-sock even in the case
> > "unix_sock_group" and "unix_sock_rw_perms" are set properly.
> >
> > The reason:
> >    # ls -l /var/run /var/run/libvirt | grep libvirt | grep -v pid
> >    drwx------ 2 root root   4096 Apr 14 19:14 libvirt
> >    srwxrwx--- 1 root libvirt 0 Apr 14 19:14 libvirt-sock
> >    srwxrwxrwx 1 root libvirt 0 Apr 14 19:14 libvirt-sock-ro
> >
> > i.e., bad permissions on /var/run/libvirt
>
>
>   Hum, how did you get this ? Maybe this is more a packaging problem than
> anything else


Yes, it was, sorry...

, I have this here:
>
> [EMAIL PROTECTED] ~]# rpm -qf /var/run/libvirt
> libvirt-0.4.1-3.fc8
> [EMAIL PROTECTED] ~]# rpm -V libvirt
> [EMAIL PROTECTED] ~]# ls -ld /var/run/libvirt
> drwxr-xr-x 2 root root 4096 2008-04-04 18:00 /var/run/libvirt
> [EMAIL PROTECTED] ~]# ls -l /var/run/libvirt
> total 0
> srwxrwxrwx 1 root root 0 2008-03-29 14:56 libvirt-sock
> srwxrwxrwx 1 root root 0 2008-03-29 14:56 libvirt-sock-ro
> [EMAIL PROTECTED] ~]#
>
>
> > One possible solution (implied in the attached patch) is the following:
> >
> > Every time libvirtd starts
> > * it implicitly sets the group id of /var/run/libvirt:
> >         chown(/var/run/libvirt, -1, unix_sock_gid).
> > * if "unix_sock_group" defined in /etc/libvirt/libvirtd.conf, libvirtd
> does
> >          chmod g+x /var/run/libvirt
> >    otherwise,
> >          chmod g-x /var/run/libvirt
>
>
>   I don't know, that's doable too, but if there is a packaging problem
> maybe it's good to have it fixed instead of changing permissions at
> runtime. But the configuration data should override this, that's true.
> What do others think ?
>
> Daniel
>
>
> --
> Red Hat Virtualization group http://redhat.com/virtualization/
> Daniel Veillard      | virtualization library  http://libvirt.org/
> [EMAIL PROTECTED]  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
> http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
>

--
Libvir-list mailing list
Libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list

Reply via email to