> Setting unix_sock_group to something else than default "root" in
> /etc/libvirt/libvirtd.conf prevents system libvirtd from dumping core on
> crash. This is because we used setgid(unix_sock_group) before binding to
> /var/run/libvirt/libvirt-sock* and setgid() back to original group.
> However, if a process changes its effective or filesystem group ID, it
> will be forbidden from leaving core dumps unless fs.suid_dumpable sysctl
> is set to something else than 0 (and it is 0 by default).
>
> Changing socket's group ownership after bind works better. And we can do
> so without introducing a race condition since we loosen access rights by
> changing the group from root to something else.

If you use fchown(sock->fd) then you avoid any possible race issues.

Except that it doesn't work. That was the first thing I tried but fchown()
doesn't seem to work on unix sockets. The socket will still end up with
root:root ownership regardless of where I put fchown() -- either before bind()
to avoid race issues or after it, which wouldn't be any better than chown().

Jirka