Re: [libvirt] Using unix domain sockets with serial devices

Hello, The Oz automated install program (http://github.com/clalancette/oz) uses a serial device inside a guest to communicate the guest IP address to a listener on the host; once the host has the IP address, other customization steps can take place. This serial device in the guest is currently backed by a TCP socket on the host. I use the following libvirt XML snippet to set this up: <serial type="tcp"> <source mode="bind" host="127.0.0.1" service="9412"/> <protocol type="raw"/> <target port="1"/> </serial> DanB points out that this is probably insecure, and we should use named pipes or Unix domain sockets instead. I was able to implement Unix domain sockets with a few minor changes to Oz, but I'm running into a permissions problem. Essentially, the problem is that when you run Oz as a regular, non-root user, there is no convenient place on the filesystem where both the qemu user can read and write the socket, and where the user that is running Oz can read the socket. I've tried using /var/lib/libvirt/qemu/*.port, but that directory is 0650, so the regular user has no permission to it. Similarly, the qemu user may not have permission to read the users home directory, so I can't really put it there either. Does anyone have any ideas of what I might do here? I'm open to changing to any of Unix domain sockets, pipes, UDP sockets, or whatever, but it has to work for both root and non-root users.