Re: [Libvir] PATCH: Allow control over UNIX socket perms & group in libvirtd

On Tue, Sep 18, 2007 at 04:17:32AM -0400, Daniel Veillard wrote: > On Tue, Sep 18, 2007 at 05:38:09AM +0100, Daniel P. Berrange wrote: > > NB, the virConf apis don't seem to recognise Octal numbers when parsing > > the config file, so I've used strings for the permissions. Not a big deal > > really unless someone desperately wants to fix the config file parser... > [...] > > +static gid_t unix_sock_gid = 0; /* Only root by default */ > > +static int unix_sock_rw_perms = 0700; /* Allow user only */ > > +static int unix_sock_ro_perms = 0777; /* Allow world */ > [...] > > - if (readonly) > > - oldmask = umask(~(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH)); > > - else > > - oldmask = umask(~(S_IRUSR | S_IWUSR)); > > + oldgrp = getgid(); > > + oldmask = umask(readonly ? ~unix_sock_ro_perms : ~unix_sock_rw_perms); > > + if (getuid() == 0) > > + setgid(unix_sock_gid); > > + > > Looks fine but we went from the full macros definition to the pre > digested octal value. But I'm not old enough to really care :-) The umask was wanting a mask, while the configuration file (for end-user sanity) wants a mode instead. So I figured it was best to simply stick with mode throughout the code, and simply invert it when passing into umask at time of use.

I added this to CVS & along with the updated docs on the 3 new configuration parameters for the daemon.