On Thu, Nov 22, 2012 at 05:41:30PM +0100, Viktor Mihajlovski wrote:
I ran into trouble today trying to use the GIT level of QEMU.
In a nutshell: the capability detection with QMP is failing and the fallback using -help isn't working with the GIT level probably due to help text reformatting.
The failure reason is that QEMU cannot bind to the QMP monitor socket in the /var/lib/libvirt/qemu directory. That's because the child process is stripped of all capabilities and this directory is chown'ed to qemu:qemu by the QEMU driver.
Note that this is failing with the release QEMU as well, with the difference that the fallback is working there.
I am willing to provide a patch, however I'd like to get feedback on the approach to use:
1. Add back Linux capabilities CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH to allow QEMU to bind to the monitor socket. This seems to be hacky/dodging the problem.
2. Use a separate directory for the QMP probing instance of QEMU.
3. Run the QMP QEMU under the configured qemu user. This would be my favorite.
Yep, this seems like the right thing todo. /me tries to understand why I didn't see this problem myself. Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|