Re: [libvirt] [PATCH 3/3] virnetdev: Add check for unprivileged daemon
On Tue, Nov 03, 2015 at 07:18:11PM -0500, John Ferlan wrote:
Using virNetDevSetupControl (due to usage of AF_PACKET instead of
AF_LOCAL for the socket call) or even ioctl(SIOCETHTOOL) will fail
for an unprivileged daemon. Since in the long run the caller only
cares if bits are found in order to set a bit in a bitmap, let's
just add a VIR_WARN instead of an error message.
Signed-off-by: John Ferlan <jferlan(a)redhat.com>
---
src/util/virnetdev.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/util/virnetdev.c b/src/util/virnetdev.c
index d47859e..acf8ba6 100644
--- a/src/util/virnetdev.c
+++ b/src/util/virnetdev.c
@@ -3154,6 +3154,14 @@ virNetDevSendEthtoolIoctl(const char *ifname, void *cmd)
int fd;
struct ifreq ifr;
+ /* Won't work if not running as root. Rather than generate
+ * error, just WARN and return.
+ */
+ if (geteuid() != 0) {
+ VIR_WARN("cannot get ETHTOOL feature bits");
+ return ret;
+ }
+
I think rather than this, we should patch node_Device_udev.c to simply
not call this API when running unprivileged
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|