On Tue, Sep 18, 2007 at 05:38:09AM +0100, Daniel P. Berrange wrote:
When I submitted the patches for PolicyKit[1] support a few weeks back Rich
suggested that we should have the ability to set UNIX socket permissions
and group ownership regardless. So this patch adds that ability. The default
setting is still, group=root, and mode=0700 for R/W socket and mode=0777
for the R/O socket.
It is possible to override this via the config file

eg, Don't allow R/O monitoring

    unix_sock_ro_perms="0700"

eg, Allow any user in 'admin' group to manage VMs

    unix_sock_group="admin"
    unix_sock_rw_perms="0770"

eg, Allow anyone to do anything

    unix_sock_rw_perms="0777"

NB, the fchgrp, and fchown syscalls don't have any effect on sockets, so
to set the group ownership & desired mode, I have to play games with the
setgid() and umask() calls prior to bind(), and then restore them to their
original values.
NB, the virConf apis don't seem to recognise Octal numbers when parsing
the config file, so I've used strings for the permissions. Not a big deal
really unless someone desperately wants to fix the config file parser...
[...]
+static gid_t unix_sock_gid = 0; /* Only root by default */
+static int unix_sock_rw_perms = 0700; /* Allow user only */
+static int unix_sock_ro_perms = 0777; /* Allow world */
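Review bot: The new defaults carry execute bits that the code being replaced did not grant. The removed umask() expressions were built from S_IRUSR | S_IWUSR (0600) for the R/W socket and from the read/write bits only (0666) for the R/O socket, while these defaults are 0700 and 0777. If the defaults are meant to preserve existing behaviour, 0600 and 0666 would match the removed macros. Consider also declaring both variables as mode_t rather than int, since they are passed to umask().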
[...]
- if (readonly)
- oldmask = umask(~(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP | S_IROTH | S_IWOTH));
- else
- oldmask = umask(~(S_IRUSR | S_IWUSR));
+ oldgrp = getgid();
+ oldmask = umask(readonly ? ~unix_sock_ro_perms : ~unix_sock_rw_perms);
+ if (getuid() == 0)
+ setgid(unix_sock_gid);
+
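Review bot: The return value of setgid(unix_sock_gid) is ignored, so if the call fails the socket is bound under the original group while the mode may already grant group access (for example 0770 from the config file). Check the result and fail socket setup on error. The restore of oldgrp and oldmask is outside the lines shown here; make sure it happens on every exit path after bind(), including the error paths.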
Looks fine but we went from the full macros definition to the pre
digested octal value. But I'm not old enough to really care :-)
+1
Daniel
--
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/
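
The umask()-before-bind() step from the quoted patch mail, combined with reading the mode from an octal string as the config options there do, as an added example that is not libvirt's code. The function names are hypothetical, the setgid() group switch is left out because it needs root, and the resulting file mode assumes Linux behaviour for socket files.

```c
/* Added example, not libvirt code; function names are hypothetical. */
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Parse an octal string such as "0770"; -1 unless pure octal within 0777. */
int parse_sock_perms(const char *s)
{
    char *end;
    long v;
    if (s == NULL || *s < '0' || *s > '7')   /* no sign, space or empty */
        return -1;
    v = strtol(s, &end, 8);
    return (*end != '\0' || v > 0777) ? -1 : (int)v;
}

/* Bind so the socket file gets exactly `perms`: narrow umask before bind()
 * and restore it on every path. Returns the bound fd or -1. */
int bind_unix_with_perms(const char *path, mode_t perms)
{
    struct sockaddr_un addr;
    mode_t oldmask;
    int fd, rc;
    if (strlen(path) >= sizeof(addr.sun_path))
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);
    if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    oldmask = umask(~perms & 0777);
    rc = bind(fd, (struct sockaddr *)&addr, sizeof(addr));
    umask(oldmask);                          /* restored before any return */
    if (rc < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Permission bits of the file at `path`, or -1 if it cannot be stat()ed. */
int path_mode(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}
```

Rejecting anything above 0777 in the parser keeps setuid, setgid and sticky bits out of the value handed to umask().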