Re: [libvirt] [PATCH] doc: Add statment about permissions needed to do a core dump
On 09/15/2011 02:27 AM, Peter Krempa wrote:
Documentation did not specify, that some permissions are required on
target path for coredump for the user running the hypervisor.
---
src/libvirt.c | 4 +++-
tools/virsh.pod | 3 +++
2 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/libvirt.c b/src/libvirt.c
index c32c7a6..ee88d87 100644
--- a/src/libvirt.c
+++ b/src/libvirt.c
@@ -2777,7 +2777,9 @@ error:
*
* This method will dump the core of a domain on a given file for analysis.
* Note that for remote Xen Daemon the file path will be interpreted in
- * the remote host.
+ * the remote host. Hypervisors may require execute and/or write permissions
+ * for destination path specified by argument @to for user running the
+ * hypervisor.
That sounds wrong to me. We already have the ability to relabel files
and directories so that qemu can access them; why should the core file
be any different than any other image file where libvirt is able to
grant proper permissions?
Also, the wording is misleading - you are talking about 'search'
permissions on the parent directories, not 'execute' on the file itself
(the x bit is double-duty, execute for files and search for
directories). So we should not be mentioning execute permissions. If
we can't fix the real bug (that is, that libvirt is not granting proper
permissions to qemu to be able to create the core dump), then I'd favor
wording more like:
Hypervisors may require the user to manually ensure proper permissions
on the file named by @to.
--
Eric Blake eblake(a)redhat.com +1-801-349-2682
Libvirt virtualization library http://libvirt.org