
Setting unix_sock_group to something other than the default "root" in /etc/libvirt/libvirtd.conf prevents system libvirtd from dumping core on crash. This is because we used setgid(unix_sock_group) before binding to /var/run/libvirt/libvirt-sock* and setgid() back to the original group. However, if a process changes its effective or filesystem group ID, it will be forbidden from leaving core dumps unless the fs.suid_dumpable sysctl is set to something other than 0 (and it is 0 by default).
Changing socket's group ownership after bind works better. And we can do so without introducing a race condition since we loosen access rights by changing the group from root to something else.
If you use fchown(sock->fd) then you avoid any possible race issues.
Except that it doesn't work. That was the first thing I tried but fchown() doesn't seem to work on unix sockets. The socket will still end up with root:root ownership regardless of where I put fchown() -- either before bind() to avoid race issues or after it, which wouldn't be any better than chown().

Jirka
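The ordering the commit message argues for, as an added example that is not part of the thread or of libvirt's code: bind first, then chown() the socket path, and confirm with stat() and prctl(PR_GET_DUMPABLE) that the group changed while the process's dumpable flag did not. The function names, the temporary path, the 0077 umask and the 0660 mode are assumptions of this example; Linux only.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind at path, then chown() it to group; credentials stay unchanged.
 * Returns the bound fd, or -1. (Hypothetical helper, not libvirt's.) */
int bind_then_chown(const char *path, gid_t group)
{
    struct sockaddr_un addr = { .sun_family = AF_UNIX };
    struct stat st;
    mode_t old;
    int rc, dumpable = prctl(PR_GET_DUMPABLE);
    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0 || strlen(path) >= sizeof(addr.sun_path))
        goto fail;
    strcpy(addr.sun_path, path);
    old = umask(0077);   /* assumed policy: node is created owner-only */
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);
    if (rc < 0) goto fail;
    /* From here access is only widened: owner-only -> owner + group. */
    if (chown(path, (uid_t)-1, group) < 0 || chmod(path, 0660) < 0)
        goto fail;
    if (stat(path, &st) < 0 || st.st_gid != group || (st.st_mode & 0777) != 0660)
        goto fail;
    if (prctl(PR_GET_DUMPABLE) != dumpable) goto fail;  /* flag untouched */
    return fd;
fail:
    if (fd >= 0) close(fd);
    return -1;
}

/* Constructed scenario: temp directory and the caller's effective GID. */
int demo(void)
{
    char dir[] = "/tmp/sockdemo-XXXXXX", path[64];
    if (!mkdtemp(dir)) return -1;
    snprintf(path, sizeof(path), "%s/libvirt-sock", dir);
    int fd = bind_then_chown(path, getegid());
    if (fd >= 0) close(fd);
    unlink(path);
    rmdir(dir);
    return fd >= 0 ? 0 : -1;
}
int main(void) { return demo() == 0 ? 0 : 1; }
```

A daemon would pass the GID resolved from its configured socket group instead of getegid(), which is used here only so the example also runs unprivileged.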