-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12/23/2013 05:44 PM, Eric Blake wrote:
On 12/23/2013 03:17 PM, Eric Blake wrote:
+ if (!(conf = virConfReadFile(login_shell_path, 0))) + goto cleanup;
...and non-root invariably fails here, since login_shell_path (/etc/libvirt/virt-login-shell.conf) is buried inside a directory that is not searchable by either root or virtlogin.
Ah, I see - non-root fails here if run unprivileged (such as under gdb), but when run setuid it has the permissions of root and can read the file just fine.
Maybe need to give it cap_dac_read_search? /* Overrides all DAC restrictions regarding read and search on files and directories, including ACL restrictions if [_POSIX_ACL] is defined. Excluding DAC access covered by CAP_LINUX_IMMUTABLE. */ #define CAP_DAC_READ_SEARCH 2
Then again, when run as setuid, it's not even getting past virInitialize(). :(
At least I managed to figure out how to debug things: I recompiled with a sleep() at the beginning, gave my just-compiled binary the same setuid permissions as the installed binary, and then attach gdb (as root, since non-root can't ptrace a running setuid binary for obvious reasons). So I suspect that the failure in virInitialize() is yet more fallout from the CVE-2013-4400 patches being untested.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlLFgzgACgkQrlYvE4MpobNyiACfRJWSEAnfiKooQS7ujZnkmAiq +JIAoLmKB5nZl+Nj6QSHww870OOZJhK/ =4uBh -----END PGP SIGNATURE-----