Re: [libvirt] Fwd: libvirtd failing on MacOS in setgroups
Daniel P. Berrangé wrote:
> > FWIW I compiled libvirt without the setgroups code on Mac
and it
> > worked as expected. Not sure what the implications of that are though?
>
> OK, then the fix would be to not use setgroups on Mac, and nothing to do
> in gnulib. Right?
Not calling setgroups means the QEMU process doesn't run with any of
the supplementary groups associated with its user account, so this is
not really a working solution. It re-introduces the bug that the
setgroups call was added to fix.
For what purpose is libvirt or QEMU using setgroups()? What goes wrong if
setgroups() fails?
The problem is that the Darwin kernel does not support setting more than
NGROUPS_MAX (= 16) groups. So
- What happens when you have a user account which is in more than 16
groups? What do other processes do in this sitation?
- Is using the first 16 groups and ignoring the extra ones an acceptable
solution?
Bruno