On Fri, Jul 31, 2009 at 09:28:37AM +0100, Mark McLoughlin wrote:
> On Thu, 2009-07-30 at 15:00 +0100, Daniel P. Berrange wrote:
> > There is a minor bug when running QEMU non-root, and having
> > capng enabled. libvirt is unable to write the PID file in
> > /var/run/libvirt/qemu, since it's now owned by 'qemu', but
> > libvirtd has dropped all capabilities at this point. The fix
> > is to delay dropping capabilities until after the PID file
> > has been created. We should also be sure to kill the child
> > if writing the PID file fails.
>
> I haven't looked into it much yet, but don't we need to open up the
> permissions on /var/lib/libvirt/images now? At least from 700 to 711 so
> qemu can open images?

Hmm, that's a good point, we definitely need to do that. 711 should be
good because that lets us chmod the individual images to allow QEMU
user to open them, while not allowing people to list the contents of
the directory.

Regards,
Daniel
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
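
The 700 versus 711 point discussed in the message above, modelled as an added example that is not part of the original thread or of libvirt's code. It assumes the images directory and image files are owned by root:root, that uid/gid 107 (a constructed value) stands in for the 'qemu' account, that no ACLs apply, and that the parent directories are already searchable.

```python
from dataclasses import dataclass

@dataclass
class Node:
    uid: int
    gid: int
    mode: int  # permission bits only, e.g. 0o711

def allowed(node, uid, gids, want):
    """POSIX DAC check for a non-root caller; `want` is a subset of "rwx".
    Exactly one class applies (owner, else group, else other); bits are not unioned."""
    if uid == node.uid:
        shift = 6
    elif node.gid in gids:
        shift = 3
    else:
        shift = 0
    bits = (node.mode >> shift) & 0o7
    need = sum({"r": 4, "w": 2, "x": 1}[c] for c in want)
    return bits & need == need

def can_list(directory, uid, gids):
    # Enumerating entries (readdir) needs read permission on the directory.
    return allowed(directory, uid, gids, "r")

def can_open_image(directory, image, uid, gids, want="r"):
    # open() by full path needs search (x) on the directory, then `want` on the file.
    return allowed(directory, uid, gids, "x") and allowed(image, uid, gids, want)

# Constructed values: 107 stands in for the 'qemu' uid/gid, 0 is root.
QEMU_UID, QEMU_GIDS, ROOT = 107, {107}, 0

def report():
    """Return (dir mode, image mode, qemu can list, qemu can open) for each combination."""
    rows = []
    for dmode in (0o700, 0o711):
        d = Node(ROOT, ROOT, dmode)
        for fmode in (0o600, 0o644):
            img = Node(ROOT, ROOT, fmode)
            rows.append((oct(dmode), oct(fmode),
                         can_list(d, QEMU_UID, QEMU_GIDS),
                         can_open_image(d, img, QEMU_UID, QEMU_GIDS)))
    return rows

if __name__ == "__main__":
    for row in report():
        print("dir=%s image=%s list=%s open=%s" % row)
```

Only the 711 directory combined with an image whose own mode admits the qemu user yields a successful open, and in no row can that user list the directory.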